Foodpanda.ph Ordering
Security checks across malware telemetry and agentic risk
Overview
This skill is coherent for food ordering, but it asks users to install an external global CLI that captures a Foodpanda session and can place real cash-on-delivery orders.
Review this before installing. Verify the npm package and publisher independently, prefer a pinned version, understand how the CLI stores and revokes your Foodpanda session, and only approve the final order after checking the restaurant, items, address, payment method, and total.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.