Fabric
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The UpdatePatterns workflow facilitates the installation of the fabric CLI tool and clones the pattern repository from the author's official GitHub account. These operations target vendor-controlled resources.
- [COMMAND_EXECUTION]: Skill workflows utilize standard system utilities such as rsync, git, and cat to synchronize local pattern storage and manage file execution within the skill directory.
- [PROMPT_INJECTION]: The skill represents a significant surface for indirect prompt injection. Its primary purpose is to process untrusted data (e.g., YouTube transcripts, academic papers, and server logs). Malicious instructions embedded in this processed data could potentially attempt to override agent behavior or bypass safety constraints, though the skill uses boundary markers like '# INPUT' to mitigate accidental obedience.
Audit Metadata