Manifest
Fail
Audited by Snyk on Mar 1, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill asks the user to paste a Manifest API key (starting with "mnfst_") and instructs replacing USER_API_KEY with that value in CLI commands, which requires the agent to accept and output the secret verbatim.
Audit Metadata