Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: The
CONTENTparameter inscripts/fb-post.shwhich accepts untrusted user input. Boundary markers: None; content is interpolated directly into the automation flow. Capability inventory: Ability to perform browser navigation, text input, and JavaScript execution. Sanitization: No sanitization is applied to the input content. - [COMMAND_EXECUTION]: Employs dynamic JavaScript generation and execution via the
pinchtab evalcommand to facilitate image uploads, which allows for powerful browser interactions but increases the potential impact of script misuse. - [COMMAND_EXECUTION]: Accesses the local configuration file at
~/.pinchtab/config.jsonto retrieve authentication tokens and executes Python-based helper scripts (snap-helpers.py,tag-search.py) to process browser state.
Audit Metadata