ordercli

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's metadata specifies the installation of a binary from a third-party Homebrew tap (steipete/tap/ordercli) and a GitHub repository (github.com/steipete/ordercli). These sources are not verified or part of the trusted vendors list.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of the ordercli tool, which performs network operations to interact with food delivery services and accesses local system resources.
  • [CREDENTIALS_UNSAFE]: The skill's instructions guide the agent to handle highly sensitive credentials, such as user passwords (via --password-stdin) and API bearer tokens (DELIVEROO_BEARER_TOKEN).
  • [DATA_EXFILTRATION]: The tool includes functionality to extract and import sensitive browser data, specifically Chrome cookies and profiles (ordercli foodora cookies chrome), which constitutes a significant privacy risk and potential exposure of session data.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from external APIs (order history, status messages). There are no boundary markers or sanitization steps mentioned to prevent malicious instructions embedded in order details from influencing the agent's behavior. Ingestion points include order history and status updates from Foodora/Deliveroo; capability inventory includes binary execution and network requests.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 9, 2026, 09:12 PM