fabric
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill explicitly directs users to perform a 'one-liner' installation:
curl -fsSL https://raw.githubusercontent.com/danielmiessler/fabric/main/scripts/installer/install.sh | bash. This pattern executes unverified code from a remote source directly in the host shell, bypassing all security controls and verification. - [EXTERNAL_DOWNLOADS]: The skill fetches code and configuration from a non-trusted GitHub repository (
danielmiessler/fabric) and retrieves external content from third-party sites like YouTube and various web domains for processing. - [COMMAND_EXECUTION]: The skill requests and uses high-privilege tools including
BashandWriteto perform system-level tasks such as creating directories and writing persistent configuration files (~/.config/fabric/patterns/). - [PROMPT_INJECTION]: The skill presents an Indirect Prompt Injection surface (Category 8). Ingestion points: Data is ingested through file reads, clipboard contents (
pbpaste), and external network fetches (YouTube transcripts). Boundary markers: There are no instructions or delimiters provided to ensure the agent ignores malicious commands embedded in the processed data. Capability inventory: The skill hasBashandWritecapabilities, meaning successfully injected instructions could lead to local system compromise. Sanitization: No input validation or sanitization is performed on the data before it is passed to AI patterns.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/danielmiessler/fabric/main/scripts/installer/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata