pinchtab

Warn

Audited by Snyk on Apr 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to arbitrary external URLs and ingests page content via commands and endpoints such as pinchtab nav, pinchtab snap / pinchtab text, and the HTTP API (see SKILL.md Core Workflow and references/api.md). The MCP docs also note that pinchtab_snapshot and pinchtab_get_text can return hostile prompt text (references/mcp.md). As a result, third-party page content can be read and used to drive agent actions.

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 13, 2026, 12:00 PM
Issues: 1