The Agent Skills Directory

[COMMAND_EXECUTION]: The skill relies on the execution of the pinchtab CLI binary and other system utilities like google-chrome, curl, and jq to perform its operations.
[REMOTE_CODE_EXECUTION]: The skill provides an eval command and an /evaluate API endpoint that allow for the execution of arbitrary JavaScript within the controlled browser instance. While a standard feature for automation, this represents a significant capability for running code provided by the agent or potentially derived from web content.
[EXTERNAL_DOWNLOADS]: The skill includes explicit functionality to download files from remote URLs via the pinchtab download command and the /download API endpoint.
[DATA_EXFILTRATION]: The skill can capture screenshots, export PDFs, and extract full page text. When combined with the ability to navigate to arbitrary URLs, this creates a surface for extracting information from internal or sensitive web services.
[PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (IDPI) because it reads and processes data from external web pages. The documentation explicitly warns that tools like pinchtab_snapshot and pinchtab_get_text may surface hostile instructions from untrusted pages.
Ingestion points: Page content extracted via snapshot, text, or find commands across all scripts.
Boundary markers: The documentation suggests using security.idpi.allowedDomains to restrict browsing and warns agents to treat output as untrusted.
Capability inventory: The skill has extensive interaction capabilities including click, fill, eval (JavaScript), and download across all scripts.
Sanitization: No automatic sanitization of extracted content is provided; the skill relies on the agent's ability to ignore instructions.
[CREDENTIALS_UNSAFE]: The skill manages persistent browser profiles in ~/.pinchtab which store session cookies and authentication tokens for websites accessed by the agent, creating a local repository of sensitive authentication data.

pinchtab