skills/akillness/oh-my-skills/fabric/Gen Agent Trust Hub

fabric

Fail

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs users to install the fabric CLI by piping a remote shell script from a GitHub repository directly into the bash interpreter (curl -fsSL ... | bash), allowing for the execution of unverified code with the user's current system privileges.
  • [EXTERNAL_DOWNLOADS]: The fabric -u command is used to download and update a library of AI patterns from a remote repository at runtime without integrity checks, introducing unvetted external content into the local environment.
  • [COMMAND_EXECUTION]: The skill relies extensively on shell command execution and piping to process data, including instructions to read content from the system clipboard (pbpaste) and system logs.
  • [CREDENTIALS_UNSAFE]: The setup process involves configuring sensitive API keys for multiple AI providers (fabric --setup), which the skill stores in an unencrypted local configuration file (~/.config/fabric/.env).
  • [PROMPT_INJECTION]: The skill processes untrusted external data from web URLs and YouTube transcripts by interpolating it into AI prompts.
      • Ingestion points: 'SKILL.md' (Steps 2, 4, and 7) using curl, fabric -y, and Unix pipes.
      • Boundary markers: Absent; no delimiters or warnings are used to segregate external content.
      • Capability inventory: 'SKILL.md' (allowed-tools) includes Bash, Write, and Read.
      • Sanitization: Absent; no evidence of input validation or escaping before data is processed by the AI patterns.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/danielmiessler/fabric/main/scripts/installer/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 11, 2026, 01:20 PM