fizzy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses user-generated content from the Fizzy API (default https://app.fizzy.do) — e.g., card show and comment list responses including card.description, comment.body.*, and the response "breadcrumbs" — and the SKILL.md instructs the agent to parse JSON and "Use breadcrumbs to discover available actions," meaning untrusted third-party content is read and can directly influence subsequent commands and decisions.