ordercli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests content from public Foodora/Deliveroo webpages as part of its core workflow (e.g., "ordercli foodora orders", "ordercli foodora history", and "ordercli foodora session chrome --url https://www.foodora.at/"), and that untrusted third-party page content can be read and used to drive actions like reorders/cart changes, creating a clear avenue for indirect prompt injection.