ordercli
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | CREDENTIALS_UNSAFE | COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions and metadata specify the installation of an external binary 'ordercli' from a non-trusted third-party repository (github.com/steipete/ordercli) via Homebrew or Go.
- [CREDENTIALS_UNSAFE]: The skill provides instructions for the agent to handle highly sensitive information, including user passwords via '--password-stdin', authentication tokens (DELIVEROO_BEARER_TOKEN), and the extraction of session cookies from local Chrome browser profiles.
- [COMMAND_EXECUTION]: The skill executes various 'ordercli' commands that interact with the local filesystem (accessing browser application support folders) and make network requests to external delivery platforms.
- [PROMPT_INJECTION]: The skill processes external data such as order history and status from Foodora/Deliveroo. This creates an indirect prompt injection surface where malicious data in order descriptions or restaurant names could potentially influence agent behavior.
  - Ingestion points: 'ordercli foodora orders', 'ordercli foodora history'.
  - Boundary markers: None identified.
  - Capability inventory: Subprocess calls to 'ordercli' which can modify configurations and perform network actions.
  - Sanitization: No evidence of sanitization for data retrieved from external APIs before processing by the agent.
Audit Metadata