PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab "v0.8.3" through "v0.8.5" allow arbitrary JavaScript execution through "POST /wait" and "POST /tabs/{id}/wait" when the request uses "fn" mode, even if "security.allowEvaluate" is disabled. "POST /evaluate" correctly enforces the "security.allowEvaluate" guard, which is disabled by default. However, in the affected releases, "POST /wait" accepted a user-controlled "fn" expression, embedded it directly into executable JavaScript, and evaluated it in the browser context without checking the same policy. This is a security-policy bypass rather than a separate authentication bypass. Exploitation still requires authenticated API access, but a caller with the server token can execute arbitrary JavaScript in a tab context even when the operator explicitly disabled JavaScript evaluation. The current worktree fixes this by applying the same policy boundary to "fn" mode in "/wait" that already exists on "/evaluate", while preserving the non-code wait modes. As of time of publication, a patched version is not yet available.