ordercli
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the agent to install a third-party binary (`ordercli`) from an unverified GitHub repository (steipete/ordercli) using Homebrew or Go. This author is not on the trusted list, making the execution of this binary a significant risk.
- CREDENTIALS_UNSAFE (HIGH): The skill's primary purpose involves handling highly sensitive information. It includes commands for capturing passwords via stdin (`--password-stdin`) and explicitly targets browser session data and cookies.
- DATA_EXFILTRATION (HIGH): The tool is designed to access sensitive file paths, specifically browser profiles (e.g., `~/Library/Application Support/ordercli/browser-profile` and Chrome cookie databases). Accessing browser cookies allows for session hijacking and unauthorized account access.
- COMMAND_EXECUTION (MEDIUM): The skill relies on the execution of the `ordercli` command-line utility. If an attacker can manipulate the input processed by the agent, they may be able to inject malicious arguments into these shell commands.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes external data from food delivery services (order history, restaurant names). While no specific exploit is present, this represents an attack surface where malicious data from a delivery service could influence agent behavior.
Recommendations
- AI detected serious security threats
Audit Metadata