ifood
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (
init_user_state.py,update_user_state.py, andnormalize_price.py) to manage user preferences and shopping history. These scripts utilize standard libraries for JSON parsing and regular expressions and do not exhibit dangerous behaviors. - [EXTERNAL_DOWNLOADS]: The skill interacts with well-known services such as
ifood.com.brandprezunic.com.brthrough the browser tool to search for products and manage carts. - [DATA_EXFILTRATION]: User data, including delivery addresses and order history, is stored in a local
user_state.jsonfile within the agent's workspace for persistence. There is no evidence of unauthorized transmission of this sensitive information to external servers. - [PROMPT_INJECTION]: While the skill processes external content (product descriptions from web pages), it uses specific data extraction logic and structured formatting (tables) to present information, which mitigates the risk of indirect prompt injection.
Audit Metadata