Skills
skills/elizaos/eliza/food-order/Gen Agent Trust Hub

food-order

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill metadata specifies the installation of ordercli via go install github.com/steipete/ordercli/cmd/ordercli@latest. The source repository belongs to an untrusted GitHub user (steipete), which is not part of the pre-approved trusted list. This introduces a risk of executing unvetted code on the local system.
  • COMMAND_EXECUTION (LOW): The skill documentation relies on executing the ordercli binary for all tasks. While the instructions include safety rules to prevent accidental orders (e.g., avoiding the --confirm flag without user approval), the agent still performs multiple subprocess calls to a third-party binary.
  • INDIRECT PROMPT INJECTION (LOW): The skill processes data from external sources (Foodora order history) via ordercli foodora history --json.
  • Ingestion points: Tool output from ordercli (order history and status).
  • Boundary markers: Absent. There are no instructions for the agent to treat the data returned by the tool as potentially malicious or to ignore embedded instructions.
  • Capability inventory: Subprocess execution of ordercli with flags that can modify account state (e.g., reorder --confirm).
  • Sanitization: None mentioned. The agent is expected to parse the JSON output directly to identify orderCode values.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 18, 2026, 06:11 PM