What’s the scariest tool your agent can call?
For me it’s always one of these:
💸 Payments / billing (spend real money)
📤 Exports / data pulls (leak customer data)
🧨 Infra / ops (spin up compute, delete, deploy)
PIC Standard adds a machine-verifiable “Action Proposal” before any high-impact tool call.
Schema + verifier. If trust/evidence is insufficient, it fails closed and blocks the action.
Question: In your stack, what’s hardest to make safe?
trust levels (what’s actually “trusted”)
evidence (making claims verifiable)
multi-step workflows (mixed trust across steps)
If you reply with your use case, I’ll suggest how to model it in PIC (impact class + proposal shape + where to enforce).
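Added example, not part of the original post and not the PIC Standard's own schema or code: a minimal fail-closed gate of the kind described above, where a high-impact proposal runs only if every piece of evidence matches a digest the verifier already holds. The impact class names, the `Proposal`/`Evidence` fields, `verify`, `guarded_call` and the sample invoice are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Hypothetical names and policy for illustration; not the PIC Standard schema.
HIGH_IMPACT = {"money", "privacy", "compute"}
LOW_IMPACT = {"read"}

@dataclass
class Evidence:
    ref: str        # identifier the verifier looks up, e.g. an invoice id
    payload: bytes  # artifact the agent says justifies the action

@dataclass
class Proposal:
    tool: str
    impact: str
    evidence: list = field(default_factory=list)

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify(p: Proposal, pinned: dict) -> tuple:
    """Return (allowed, reason). `pinned` maps ref -> sha256 and is held by
    the verifier, never supplied by the agent."""
    if p.impact in LOW_IMPACT:
        return True, "low impact"
    if p.impact not in HIGH_IMPACT:
        return False, "unknown impact class"  # unrecognised input is blocked
    if not p.evidence:
        return False, "no evidence"
    for e in p.evidence:
        expected = pinned.get(e.ref)
        if expected is None or not hmac.compare_digest(expected, digest(e.payload)):
            return False, f"unverified evidence: {e.ref}"
    return True, "verified"

def guarded_call(p: Proposal, pinned: dict, tool_fn):
    """Run tool_fn only if the proposal verifies; otherwise block."""
    allowed, reason = verify(p, pinned)
    if not allowed:
        raise PermissionError(f"blocked {p.tool}: {reason}")
    return tool_fn()

# Constructed sample data: an invoice whose digest the verifier has pinned.
INVOICE = b'{"invoice":"INV-1","amount_usd":120}'
PINNED = {"INV-1": digest(INVOICE)}
```

Because the digest table lives with the verifier, an agent that rewrites the invoice amount or omits the evidence gets a block rather than a payment.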