Skills
skills/robzolkos/fizzy-cli/fizzy/Gen Agent Trust Hub

fizzy

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes system commands using the fizzy CLI and uses jq to process and filter JSON output.
  • [PROMPT_INJECTION]: The skill processes untrusted data from the Fizzy API, which presents a surface for indirect prompt injection.
  • Ingestion points: Data retrieved from card show, card list, and comment list commands, as well as the welcome_message field in the signup response (SKILL.md).
  • Boundary markers: The instructions lack delimiters or safety markers to differentiate between system instructions and data retrieved from the API.
  • Capability inventory: Access to the fizzy CLI for creating and modifying resources, and file system access for managing session tokens and HTML description files (SKILL.md).
  • Sanitization: There is no explicit validation or sanitization of the content retrieved from the external API before the agent processes or displays it.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 11:00 AM