fabric
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users to install the framework by piping a remote shell script directly to bash:
curl -fsSL https://raw.githubusercontent.com/danielmiessler/fabric/main/scripts/installer/install.sh | bash. This pattern is high-risk as it executes unverified code from an external source. - [COMMAND_EXECUTION]: The skill requires the
Bashtool and provides numerous examples of executing CLI commands, including system configuration (fabric --setup), pattern updates (fabric -u), and running local API servers (fabric --serve). - [EXTERNAL_DOWNLOADS]: The skill frequently fetches data from external sources, including downloading a collection of 'Patterns' from a GitHub repository and extracting transcripts from YouTube URLs via the
fabric -ycommand.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/danielmiessler/fabric/main/scripts/installer/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata