food-order
Warn
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata specifies an installation step that fetches and installs a Go binary from a personal GitHub repository (github.com/steipete/ordercli). This introduces a dependency on external code from a source not identified as a trusted organization or well-known service.
- [COMMAND_EXECUTION]: The skill relies on the execution of the ordercli binary to interact with the network (Foodora API) and the local file system (configuration files). It provides instructions to the agent to run commands that can affect account state and place financial orders.
- [CREDENTIALS_UNSAFE]: The instructions guide the agent to manage sensitive authentication data, including entering passwords via standard input and accessing local browser profiles (e.g., Chrome 'Default' profile) to extract session cookies.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface.
  1. Ingestion points: The agent processes external data from the Foodora API via ordercli foodora history (SKILL.md).
  2. Boundary markers: Absent; there are no instructions to delimit or ignore instructions that may be present in the tool's output.
  3. Capability inventory: The agent can perform financial transactions and access browser session data (SKILL.md).
  4. Sanitization: Absent; no validation or filtering of the retrieved external content is mentioned.
Audit Metadata