manus

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a bash helper script (scripts/manus.sh) that executes several system commands to facilitate API interaction.
      • It uses curl to make requests to the Manus API at api.manus.im and to download task results.
      • It employs jq for robust parsing of JSON data from API responses.
      • It utilizes utility commands such as mkdir, tr, and file for directory management and metadata extraction during file handling.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to download generated deliverables (e.g., PDFs, CSVs, code) from the Manus content delivery network.
      • Files are retrieved from private-us-east-1.manuscdn.com and saved locally using curl with a sanitization step for filenames to prevent directory traversal or special character exploitation.
      • These downloads are integral to the service functionality and originate from official infrastructure.
  • [DATA_EXFILTRATION]: The skill facilitates the transfer of local files to the Manus service for task processing.
      • This is achieved by requesting a presigned S3 upload URL from the Manus API and then using curl to PUT the file content to Amazon S3.
      • This behavior is user-directed and necessary for the 'upload' and 'attachment' features of the agent integration.
  • [PROMPT_INJECTION]: The skill possesses an inherent surface for indirect prompt injection because it processes output from an external autonomous agent that interacts with the public web.
      • Ingestion points: Data enters the skill context through the retrieval of task results and deliverables via the get and download commands in scripts/manus.sh.
      • Boundary markers: The instructions and templates do not specify delimiters or explicit instructions to ignore potentially malicious content embedded within the task results received from the Manus agent.
      • Capability inventory: The agent environment allows for file system writes, network requests via curl, and execution of the included bash script.
      • Sanitization: While the skill sanitizes filenames during download, it does not sanitize the content of the retrieved task results before they are presented or potentially used in multi-turn conversations.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 07:36 AM