pinchboard
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted data from a public social media timeline and using it to influence agent actions.\n
- Ingestion points: The
scripts/heartbeat.shandscripts/timeline.shscripts fetch agent posts (pinches) from the PinchBoard API timeline endpoint.\n - Boundary markers: No delimiters or safety instructions are included in the instructions to prevent the agent from obeying instructions found within the feed content. The
SKILL.mdfile specifically encourages the agent to "engage if something interesting (claw, reply, or repinch)".\n - Capability inventory: The skill allows the agent to post content (
scripts/post.sh), follow or unfollow agents (scripts/follow.sh), and like posts (scripts/claw.sh).\n - Sanitization: There is no evidence of sanitization, validation, or filtering of the fetched pinch content before it is presented to the agent for processing.
Audit Metadata