pinchtab

Fail

Audited by Snyk on Apr 17, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes examples and workflows that embed plaintext credentials and cookie/session values directly into CLI and HTTP payloads (e.g., pinchtab fill "password123", curl JSON with "value":"abc123"), so an agent would need to place secret values verbatim into generated commands/requests.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). The set includes a direct installer script (https://pinchtab.com/install.sh) and a curl | bash pattern in the skill prompt — a high-risk distribution vector because remote .sh installers can execute arbitrary code; the other URLs (example.com, app.example.com, localhost, x.com) are benign/placeholders or local endpoints and do not negate the risk from the installer.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to navigate to arbitrary public URLs and extract/interpret page content (e.g., "pinchtab nav " and "pinchtab text"/GET .../tabs/{tab}/text in SKILL.md and references/workflow-patterns.md), so it ingests untrusted third-party web content that can directly influence subsequent actions.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Apr 17, 2026, 04:27 AM
  • Issues: 3