pica-openai-agents
Audited by Socket on Feb 24, 2026
1 alert found:
Obfuscated File

The documentation and example code correctly show how to integrate Pica's MCP server with the OpenAI Agents SDK, but they recommend operational patterns that increase supply-chain and credential-exposure risk: notably running `npx @picahq/mcp` without pinning a version or verifying the artifact, and forwarding the entire `process.env` into the subprocess. The snippet itself contains no directly malicious code, but following the advice as-is could leave a deployment open to credential leakage (every secret in the parent process becomes readable by the MCP subprocess) or to supply-chain compromise (an unpinned `npx` fetches whatever the package's dist-tag currently points at). Recommendations: pin the package to an exact version, verify the downloaded artifact, forward only the minimal environment variables the server needs (e.g. `PATH` and `PICA_SECRET`), run the MCP subprocess under least privilege or in a sandbox, and audit `@picahq/mcp` and its dependencies before use.
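As an added example (not code from the Socket report, from the OpenAI Agents SDK or from the @picahq/mcp project), the following builds the stdio MCP server launch configuration the way the recommendations above describe: an exact-version `npx` spec instead of a floating one, and an explicit allowlist of environment variables instead of the whole `process.env`. The `{ command, args, env }` shape is an assumption about what a stdio MCP server class accepts; check the SDK's own constructor options before passing it through. The sample environment and the version `1.0.0` are constructed for the demo.

```javascript
// Added example: least-exposure launch config for an MCP subprocess.
// Contrast with the risky pattern: { command: 'npx', args: ['@picahq/mcp'], env: process.env }

// Exact semver only: no ranges (^, ~, >=), no dist-tags (latest, next).
const EXACT_SEMVER = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Only these variables are forwarded. Cloud credentials, CI tokens and
// other API keys present in the parent stay out of the child's reach.
const DEFAULT_ALLOWLIST = ['PATH', 'PICA_SECRET'];

function minimalEnv(source, allowlist = DEFAULT_ALLOWLIST, required = ['PICA_SECRET']) {
  const env = {};
  for (const name of allowlist) {
    const value = source[name];
    if (typeof value === 'string' && value !== '') env[name] = value;
  }
  // Fail closed: a missing secret should surface here, not as a confusing
  // auth error from inside the subprocess.
  for (const name of required) {
    if (!(name in env)) throw new Error(`missing required variable ${name}`);
  }
  return env;
}

// Refuse anything that is not a single, exact version, so a later publish
// (or a hijacked dist-tag) cannot be pulled in silently.
function pinnedPackageSpec(name, version) {
  if (typeof version !== 'string' || !EXACT_SEMVER.test(version)) {
    throw new Error(`refusing unpinned version "${version}" for ${name}`);
  }
  return `${name}@${version}`;
}

// Assumed option shape for a stdio MCP server: { command, args, env }.
function mcpStdioConfig(source, { name = '@picahq/mcp', version }) {
  return {
    command: 'npx',
    // -y skips npx's interactive install prompt; the spec is exact-versioned.
    args: ['-y', pinnedPackageSpec(name, version)],
    env: minimalEnv(source),
  };
}

// Constructed sample parent environment: note the two secrets that must
// NOT be forwarded to the MCP subprocess.
const SAMPLE_ENV = {
  PATH: '/usr/local/bin:/usr/bin',
  PICA_SECRET: 'sk_test_constructed',
  AWS_SECRET_ACCESS_KEY: 'should-not-leak',
  OPENAI_API_KEY: 'should-not-leak-either',
};

// Hypothetical version for illustration; pin to the version you audited.
const EXAMPLE_CONFIG = mcpStdioConfig(SAMPLE_ENV, { version: '1.0.0' });
console.log(JSON.stringify(EXAMPLE_CONFIG, null, 2));
```

Pinning the `npx` spec stops a floating fetch, but it does not by itself verify the artifact: pair it with a committed lockfile (`npm ci`) or a pre-installed, audited copy of the package so the resolved tarball is the one you reviewed, and run the subprocess as a separate low-privilege user or inside a sandbox so that even a compromised server sees only `PICA_SECRET`.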