ordercli

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the third-party ordercli tool from a non-standard GitHub repository (steipete/ordercli) using Homebrew or Go during the setup phase.
  • [COMMAND_EXECUTION]: Executes shell commands via the ordercli binary to manage logins, sessions, and food orders. This includes high-privilege operations such as importing Chrome browser cookies and accessing local application support folders to bypass bot protection.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external food delivery APIs and restaurant menus.
      • Ingestion points: Fetches active order status, order history, and restaurant details from external Foodora and Deliveroo APIs (SKILL.md).
      • Boundary markers: No specific delimiters or boundary markers are defined to isolate external API data from the agent's instructions.
      • Capability inventory: The skill can execute external binaries, read/write configuration files, access browser session data, and perform financial transactions (reordering) (SKILL.md).
      • Sanitization: There is no evidence of sanitization or validation of the data retrieved from external sources before it is interpreted by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 30, 2026, 12:15 AM