Fabric

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.88). The skill pack contains multiple dual-use and dangerous patterns: automatic file-creation/patching without guaranteed human approval, generators that produce ready-to-run exploit/scan commands, PoC extraction that outputs curl/exec commands, and explicit guidance to produce commands "as if a pentester or hacker will reuse them" — together these enable remote code insertion, credential/data exfiltration, and operationalization of attacks with minimal friction.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests third‑party web content and repos (SKILL.md: "fabric CLI" supports "-y URL" and "-u URL" for YouTube transcripts and URL fetching, and the UpdatePatterns workflow "Runs git pull from upstream fabric repository" to sync Patterns/), and those fetched patterns/system.md files are executed as prompts — untrusted public content that can change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The UpdatePatterns workflow explicitly performs a runtime "git pull" from an upstream fabric repository which syncs Patterns/ (the system.md prompt files) into the agent's local prompt directory — i.e. the remote git repository (e.g., git@github.com:org/fabric.git or an equivalent upstream remote) is fetched at runtime and directly controls agent prompts, so it is flagged.