pica-mastra
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE; EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill documentation requires installing @mastra packages and executing @picahq/mcp. Neither 'mastra-ai' nor 'picahq' is included in the Trusted External Sources list. Severity reduced from MEDIUM to LOW as this is the primary purpose of the skill.
- [COMMAND_EXECUTION] (LOW): The skill configures a subprocess to run the MCP server via 'npx', which involves shell command execution for transport.
- [REMOTE_CODE_EXECUTION] (LOW): The use of 'npx @picahq/mcp' downloads and executes remote code at runtime from the npm registry.
- [PROMPT_INJECTION] (LOW): Category 8 (Indirect Prompt Injection) finding:
  1. Ingestion points: Tool results from connected PICA integrations (emails, CRMs) processed by the agent.
  2. Boundary markers: Absent in provided examples.
  3. Capability inventory: agent.stream/generate and MCP tool execution in SKILL.md.
  4. Sanitization: No sanitization logic provided for external content.
- [CREDENTIALS_UNSAFE] (SAFE): The skill appropriately recommends using environment variables for API keys and provides examples for .env.local configuration.