skills/akillness/oh-my-skills/fabric/Gen Agent Trust Hub

fabric

Fail

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's reference documentation in references/install-and-provider-setup.md instructs the user or agent to execute a remote installation script by piping it directly into the bash interpreter (curl -fsSL https://raw.githubusercontent.com/danielmiessler/fabric/main/scripts/installer/install.sh | bash). This is a critical security risk as it executes unverified code from an external source.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool and provides multiple recipes for executing local shell commands to pipe text through the Fabric CLI. This capability allows the agent to run arbitrary terminal commands, which could be exploited if instructions are influenced by malicious input.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of processing untrusted external text artifacts (transcripts, logs, and scraped web content) without implementing safety measures.
      • Ingestion points: Untrusted data enters the agent's context through stdin, local files, clipboard contents, and transcript logs as defined in the fabric_intake logic in SKILL.md.
      • Boundary markers: There are no delimiters or explicit instructions provided to the agent to treat processed text as untrusted or to ignore embedded instructions.
      • Capability inventory: The agent has access to Bash, Read, and Write tools, which significantly increases the risk of an injection leading to unauthorized system actions.
      • Sanitization: The skill lacks any mechanism for validating, filtering, or escaping content before it is processed by the AI models.
  • [EXTERNAL_DOWNLOADS]: The skill documentation encourages the download and installation of third-party software through external package managers such as Homebrew and winget, as well as direct script downloads from GitHub.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 19, 2026, 02:14 AM