pinchtab
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'pinchtab' binary via 'homebrew' or 'go install' from an external repository (github.com/pinchtab/pinchtab).
- [REMOTE_CODE_EXECUTION]: The 'pinchtab eval' command permits the execution of arbitrary JavaScript within the browser context, which can be used to access or manipulate DOM data and sensitive page secrets.
- [COMMAND_EXECUTION]: The 'pinchtab daemon install' command allows the agent to configure the tool as a system service, providing a mechanism for persistence that typically requires elevated privileges.
- [DATA_EXFILTRATION]: The skill manages persistent browser profiles containing session cookies and storage. The combination of navigation to external sites, JavaScript execution, and file 'upload'/'download' commands creates an exfiltration risk for sensitive authenticated data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from web content ingested during automation, since page text returned to the agent is treated as data but may contain instructions.
- Ingestion points: 'pinchtab text' and 'pinchtab snap' calls in SKILL.md and api.md.
- Boundary markers: 'Safety Defaults' and 'Rules' sections in SKILL.md provide guidance to the agent on operational constraints and preferred read-only operations.
- Capability inventory: Capabilities include 'click', 'fill', 'eval', 'upload', 'download', and 'daemon install' documented across the instruction files.
- Sanitization: No technical sanitization of ingested content is specified beyond instructional constraints for the agent.
Audit Metadata