food-order
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata includes an installation step for a Go binary from 'github.com/steipete/ordercli'. This repository is not from a trusted organization or well-known service, representing an unverifiable external dependency.
- [COMMAND_EXECUTION]: The skill executes commands via 'ordercli' to perform sensitive actions like user login and placing financial orders. The security of these operations relies entirely on the integrity of the downloaded binary.
- [PROMPT_INJECTION]: The skill processes untrusted data from the Foodora API (e.g., order history, status), establishing an indirect prompt injection surface.
  1. Ingestion points: 'ordercli foodora history' and 'ordercli foodora orders'.
  2. Boundary markers: The skill lacks programmatic delimiters to distinguish instructions from the retrieved external content.
  3. Capability inventory: The skill can execute shell commands and modify order state.
  4. Sanitization: No sanitization or validation is applied to data retrieved from the external API.
Audit Metadata