Manifest
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs an external download by installing the 'manifest' plugin using the command
claude plugins install manifest. - [COMMAND_EXECUTION]: The skill executes several shell commands to manage the gateway and configuration, including
claude gateway stop,claude gateway install, andclaude config set. - [CREDENTIALS_UNSAFE]: The setup process requires the user to input a sensitive API key (starting with
mnfst_), which is then stored in the plugin's configuration via a CLI command. - [INDIRECT_PROMPT_INJECTION]: The skill reads from local system logs (
~/.claude/logs/gateway.log) to verify the installation. - Ingestion points: Reads the last 5 lines of
~/.claude/logs/gateway.logusinggrepandtail. - Boundary markers: None; the agent processes raw log output.
- Capability inventory: Includes subprocess execution (
claudeCLI commands,grep,tail) and configuration modification. - Sanitization: No sanitization is performed on the log content before the agent evaluates it for the 'active' status message.
Audit Metadata