Fabric
Fail
Audited by Snyk on Jun 30, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The list is mostly benign official/CDN and GitHub links, but includes potentially dangerous items (exploit CVE repos, raw code blobs, direct .zip downloads on non‑trusted hosts, interactsh placeholders and a localhost notify endpoint) that make it a moderately suspicious distribution vector for malware.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The UpdatePatterns workflow explicitly runs a runtime "git pull" from the upstream fabric repository, which fetches remote pattern files (Patterns/*/system.md) that directly define prompts and thus control agent behavior (repo referenced as "upstream fabric repository" via git pull).
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata