pica

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to retrieve connection keys from list_pica_integrations and then include those connectionKey values verbatim in execute_pica_action calls (and even references API key formats like sk_live_), so the LLM must handle and output secret/credential values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill uses Pica MCP tools (list_pica_integrations, get_pica_platform_actions, execute_pica_action) to access data on 200+ third‑party platforms (e.g., Gmail, Slack and other social/integration platforms), so the agent will fetch and read user-generated/untrusted third‑party content via those APIs.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill exposes explicit integrations with payment platforms (it lists Stripe) and provides a concrete execute_pica_action workflow that uses connection keys to perform platform-specific API actions. That combination enables performing payment-related operations (e.g., charges, refunds) via the Stripe integration, so it grants direct financial execution capability.