food-order

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls out to Foodora/public web content (e.g., via ordercli commands like "ordercli foodora history", "ordercli foodora history show ", and the session chrome URL https://www.foodora.at/) to fetch order history and details, which are untrusted third-party/user-generated contents the agent is expected to read and interpret.