fabric
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's setup documentation in
references/install-and-provider-setup.mdincludes a command to install the Fabric tool by piping a remote script from its GitHub repository directly into a shell (curl | bash). - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it is designed to ingest and process untrusted external data.
- Ingestion points: Untrusted data is retrieved from
stdin, local files, clipboard content, and transcripts as specified inSKILL.mdandreferences/routing-and-mode-selection.md. - Boundary markers: There are no instructions or scaffolds that use delimiters or warnings to prevent the agent from executing instructions embedded within the processed text.
- Capability inventory: The skill is granted access to the
Bash,Read, andWritetools, which could be leveraged if the agent obeys instructions found in the ingested data. - Sanitization: The skill does not implement any validation or escaping mechanisms for the external content it processes.
- [COMMAND_EXECUTION]: The skill is primarily centered around generating and executing shell commands using the
Bashtool to interact with the Fabric CLI and its pattern library. - [EXTERNAL_DOWNLOADS]: The skill references and provides commands to download configuration and scripts from external sources, specifically the official repository for the Fabric tool.
Audit Metadata