pinchtab

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to navigate to and ingest arbitrary external webpages (e.g., "pinchtab nav " in SKILL.md and the Navigate/ Snapshot/ text endpoints in references/api.md), so untrusted third-party page content can be read and directly influence subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly includes actions that modify local machine state—most notably "pinchtab daemon install" (install as system service) and profile creation/upload commands that write persistent files—so it can change system/service configuration and may require elevated privileges.