Fabric

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's UpdatePatterns workflow explicitly runs "git pull from upstream fabric repository" and the ExecutePattern flow "Reads Patterns/{pattern_name}/system.md" and "Applies pattern instructions directly as prompt", meaning prompts fetched from a public upstream repo (untrusted third-party content) are ingested and executed, which can materially alter agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). High-confidence: the UpdatePatterns workflow explicitly runs a runtime "git pull from upstream fabric repository" and the fabric CLI supports " -u URL" for fetching URL content at runtime; those fetched pattern files (system.md) directly define prompts/instructions, so the upstream git repo / arbitrary fetched URLs are runtime dependencies that can control agent prompts.