skills/letta-ai/lettabot/ordercli/Gen Agent Trust Hub

ordercli

Warn

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires installing a third-party binary 'ordercli' from a GitHub repository ('github.com/steipete/ordercli') via Homebrew or Go.
  • [CREDENTIALS_UNSAFE]: The tool manages highly sensitive credentials, including user passwords via stdin, authentication tokens (e.g., 'DELIVEROO_BEARER_TOKEN'), and session cookies imported from Chrome. It also references local system paths for browser profiles ('~/Library/Application Support/ordercli/browser-profile').
  • [COMMAND_EXECUTION]: The skill is built around executing the 'ordercli' binary with various arguments, representing a risk if the binary or its inputs are compromised.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing external data.
      • Ingestion points: Order history and active status data retrieved from Foodora and Deliveroo APIs as specified in SKILL.md.
      • Boundary markers: None identified to separate external data from agent instructions.
      • Capability inventory: The skill can execute commands, manage shopping carts, and handle credentials.
      • Sanitization: No evidence of validation or filtering for data retrieved from external service APIs.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 11, 2026, 11:40 PM