fizzy-cli

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of the fizzy-cli binary to manage kanban boards and cards.
  • [DATA_EXFILTRATION]: The skill communicates with the external API at app.fizzy.do, which is the intended functional behavior for the service.
  • [CREDENTIALS_UNSAFE]: The skill references authentication using the FIZZY_TOKEN environment variable and local storage in ~/.config/fizzy/config.json, which are standard practices for CLI tools.
  • [PROMPT_INJECTION]: The skill describes operations that ingest untrusted data from the board, creating an indirect prompt injection surface.
    • Ingestion points: fizzy-cli card list and fizzy-cli comment list commands in SKILL.md.
    • Boundary markers: No markers or 'ignore' instructions are present in the command templates.
    • Capability inventory: Subprocess execution of fizzy-cli for all resource operations.
    • Sanitization: No sanitization of retrieved board content is documented.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 12:25 AM