fabric
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to install the Fabric tool using a 'curl | bash' one-liner:
curl -fsSL https://raw.githubusercontent.com/danielmiessler/fabric/main/scripts/installer/install.sh | bash. This pattern executes remote code without prior inspection, bypassing local security controls. - [COMMAND_EXECUTION]: The skill requires the
Bashtool to execute various CLI operations, including pattern updates (fabric -u), environment setup (fabric --setup), and custom pattern creation using heredocs (cat > ... << 'EOF'). - [EXTERNAL_DOWNLOADS]: The skill's core functionality involves downloading and updating prompt 'Patterns' from a remote GitHub repository through the
fabric -ucommand. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted data:
- Ingestion points: Data enters the context via YouTube video transcripts (
fabric -y) and file reading (cat article.txt | fabric). - Boundary markers: The instructions do not specify any delimiters or safety warnings to prevent the agent from obeying instructions embedded within the processed text.
- Capability inventory: The skill has access to
Bash,Write, andReadtools, which could be exploited if an injected instruction targets the local system. - Sanitization: There is no evidence of sanitization or filtering applied to the external content before it is passed to the AI patterns.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/danielmiessler/fabric/main/scripts/installer/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata