fabric
Fail
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to install the core CLI tool using a high-risk command that pipes a remote script directly into the bash shell.\n
- Evidence:
curl -fsSL https://raw.githubusercontent.com/danielmiessler/fabric/main/scripts/installer/install.sh | bashfound inSKILL.md.\n- [COMMAND_EXECUTION]: The skill relies on the execution of multiple system commands and third-party tools to perform its functions, which are carried out via theBashtool.\n - Evidence: Commands such as
fabric,brew,winget,git, andnpmare used throughoutSKILL.mdandSKILL.toon.\n- [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by design, as it pipes potentially malicious or untrusted external data directly into Large Language Model prompts.\n - Ingestion points: Data is ingested from external URLs (via
curl), system logs (/var/log/app.log), and development tool outputs (git diff,npm test) as seen inSKILL.mdsteps 2 and 7.\n - Boundary markers: The provided usage examples do not include delimiters or system instructions to ignore embedded commands within the piped input.\n
- Capability inventory: The skill has permissions to execute shell commands (
Bashtool) and perform network requests.\n - Sanitization: No evidence of input sanitization, escaping, or validation is present in the skill's instructions.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/danielmiessler/fabric/main/scripts/installer/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata