food-order
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the 'ordercli' binary from a third-party GitHub repository (github.com/steipete/ordercli) during the setup process. This repository is not associated with a trusted organization or well-known service.
- [CREDENTIALS_UNSAFE]: The skill contains instructions for logging in with sensitive credentials, specifically allowing password input via stdin and accessing local browser session data through the '--profile' flag. This presents a risk of credential exposure.
- [COMMAND_EXECUTION]: The skill relies on executing external shell commands to interact with the Foodora service, providing a significant attack surface if the binary or environment is compromised.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from the Foodora API which could contain malicious content.
  1. Ingestion points: Output from 'ordercli foodora history --json'.
  2. Boundary markers: No technical delimiters or 'ignore' instructions are used for the ingested data.
  3. Capability inventory: Subprocess execution via ordercli commands.
  4. Sanitization: No sanitization or escaping of the external API content is implemented.
Audit Metadata