ordercli
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill initiates the installation of a third-party binary via Homebrew (
steipete/tap/ordercli) and Go (github.com/steipete/ordercli/cmd/ordercli@latest). These sources are outside the explicit trusted organizations list. - [CREDENTIALS_UNSAFE]: Instructions guide the agent to perform operations involving sensitive credentials, such as
ordercli foodora login --email you@example.com --password-stdinand the use of theDELIVEROO_BEARER_TOKENenvironment variable. - [COMMAND_EXECUTION]: The skill executes external CLI commands that access sensitive local file system paths, including browser profiles and application support directories.
- [DATA_EXFILTRATION]: Commands like
ordercli foodora cookies chromeandordercli foodora session chromeexplicitly target local browser cookie databases and session data, which are high-value targets for exfiltration. - [PROMPT_INJECTION]: The skill processes external data from Foodora/Deliveroo APIs (order history, restaurant names, and statuses). This represents an indirect prompt injection surface where malicious content in an order description could influence agent behavior.
Audit Metadata