fizzy
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a legitimate instruction set for the Fizzy CLI, a project management utility. All commands and workflows described are consistent with the stated purpose of managing tasks and boards.
- [SAFE]: Network activity is restricted to the official Fizzy service domain (app.fizzy.do) and references established documentation on GitHub (basecamp/fizzy). These are well-known and trusted sources.
- [SAFE]: Authentication procedures follow security best practices, such as suggesting the use of temporary files with restricted permissions (chmod 600) to prevent sensitive tokens from appearing in shell history or logs.
- [SAFE]: The skill does not contain any obfuscated code, unauthorized privilege escalation, or persistence mechanisms.
- [SAFE]: Although the skill processes external data (card content and comments from the Fizzy API), this is necessary for its functionality and does not introduce malicious behavior. The instructions emphasize using structured output (JSON/jq) which helps in safely parsing this data.
Audit Metadata