Food402 - TGO Yemek
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill is classified as suspicious due to several risky capabilities, despite appearing to align with its stated purpose of food ordering. Key indicators include caching sensitive JWT authentication tokens in the world-writable `/tmp` directory (`scripts/auth.sh`), which could expose them to other local users. Additionally, the `scripts/3dsecure.sh` script opens arbitrary HTML content (intended for 3D Secure verification) from a temporary file in the user's default browser, a high-risk capability that could be exploited if the agent were tricked into processing malicious HTML. The skill also requires sensitive credentials (TGO_EMAIL, TGO_PASSWORD, GOOGLE_PLACES_API_KEY) as environment variables, which are handled directly by the authentication script.
