pinchtab
Fail
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users to install its software using the command
curl -fsSL https://pinchtab.com/install.sh | bashin SKILL.md. This pattern executes a script from an external domain directly in the system shell without prior verification, posing a severe risk of arbitrary code execution.\n- [COMMAND_EXECUTION]: The tool includes commands for establishing persistence on the host system, such aspinchtab daemon installmentioned in references/cli-reference.md, which installs the service as a background process.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the web.\n - Ingestion points: Web content extracted via
pinchtab textandpinchtab snap(SKILL.md).\n - Boundary markers: Absent; there are no instructions for the agent to distinguish between its own goals and instructions embedded in the scraped text.\n
- Capability inventory: The skill has access to the
Bashtool and can perform file uploads (/upload) and downloads (/download) as documented in references/api-reference.md.\n - Sanitization: Absent; the skill does not suggest any filtering or validation of the extracted web content before it enters the agent's context.\n- [COMMAND_EXECUTION]: The skill provides the ability to execute arbitrary JavaScript within the browser context via the
pinchtab evalCLI command and the/evaluateHTTP endpoint, which could be exploited to manipulate page data or steal session information.
Recommendations
- HIGH: Downloads and executes remote code from: https://pinchtab.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata