pica-vercel-ai-sdk

Warn

Audited by Snyk on Feb 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly creates an MCP client (SKILL.md) that calls mcpClient.tools() and passes those dynamic tools into streamText, so the agent will read and act on outputs from third-party integrations (CRMs, email/calendars/databases). The reference file also instructs fetching public docs from ai-sdk.dev (.md URLs), meaning untrusted external content can influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill launches the MCP subprocess via "npx @picahq/mcp" at runtime, which fetches and executes remote code from the npm package @picahq/mcp (e.g. https://www.npmjs.com/package/@picahq/mcp) and is required for the skill to operate.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 11:32 AM