ordercli
Warn
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the 'ordercli' binary from third-party repositories.
- Source: GitHub (github.com/steipete/ordercli) and Homebrew tap (steipete/tap/ordercli).
- [DATA_EXFILTRATION]: The skill accesses and processes sensitive local browser data to manage delivery service sessions.
- Evidence: Commands such as 'ordercli foodora cookies chrome' and 'ordercli foodora session chrome' interact with local Chrome browser profiles and cookies.
- Evidence: The tool manages persistent session data in '$HOME/Library/Application Support/ordercli/browser-profile'.
- [CREDENTIALS_UNSAFE]: The documentation describes handling sensitive authentication material in plaintext or environment variables.
- Evidence: Supports password entry via '--password-stdin'.
- Evidence: References use of sensitive tokens such as 'DELIVEROO_BEARER_TOKEN' and 'DELIVEROO_COOKIE'.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the 'ordercli' binary with various parameters on the host system.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data from food delivery APIs.
- Ingestion points: Order lists and history details fetched from Foodora and Deliveroo APIs.
- Boundary markers: Absent; the skill does not use delimiters to isolate API-provided data from agent instructions.
- Capability inventory: Command execution (ordercli), network access, and sensitive file access (browser profiles).
- Sanitization: No sanitization of API-provided data is documented.
Audit Metadata