fabric

Overall, the Fabric skill presents a coherent tool for prompt orchestration with multi-provider routing and piping capabilities that align with its described purpose. However, there are security concerns primarily around the installation method (curl|bash from an unverified remote URL), potential broad credential access for multiple providers, and REST API exposure if not properly secured. The footprint is suspicious to high-normal for a developer tool due to the supply-chain risk and credential-handling surface, and should be treated as such until mitigations (verified checksums/signatures, pinning installer sources, explicit least-privilege config, robust auth on REST endpoints) are in place.