Skills
skills/firecrawl/openclaw/ordercli/Gen Agent Trust Hub

ordercli

Warn

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the ordercli tool from a third-party personal GitHub repository (github.com/steipete/ordercli) via Homebrew or Go.
  • [COMMAND_EXECUTION]: The skill triggers the execution of a binary that reads system-level browser profiles and session data from local application paths.
  • [CREDENTIALS_UNSAFE]: Instructions guide the user to input sensitive authentication materials, including passwords through standard input, bearer tokens via environment variables, and importing cookies directly from web browsers.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface when processing external food delivery data. 1. Ingestion points: Order history and status details retrieved via ordercli foodora history in SKILL.md. 2. Boundary markers: No markers or instructions to ignore embedded instructions are present. 3. Capability inventory: The skill can perform state-changing actions such as ordercli foodora reorder as defined in SKILL.md. 4. Sanitization: No data validation or sanitization of the fetched external content is identified.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 18, 2026, 12:42 PM