mizzen-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow and CLI reference explicitly instruct the agent to fetch and process user-generated conversation data from the Mizzen platform (e.g., "mizzen conversations transcript " and "mizzen conversations answers " in rules/cli-reference.md and rules/workflow.md), so the agent will read untrusted third‑party content that could contain instructions influencing its behavior.