fabric-ai
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from YouTube transcripts (-y ) and web content (-u ), creating an attack surface for indirect prompt injection.
  * Ingestion points: URL flags in SKILL.md.
  * Boundary markers: None defined in the prompt instructions.
  * Capability inventory: Potential for command execution via fabric patterns.
  * Sanitization: None provided for external inputs.
- [COMMAND_EXECUTION]: The workflow in SKILL.md includes an 'Execute' step, and several patterns (e.g., 'create_command', 'analyze_threat_report_cmds') are designed to generate CLI commands for security tools or other utilities, which may lead to unauthorized command execution if the agent has shell access.
Audit Metadata