manifest
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill initiates the download and installation of the 'manifest' plugin via the 'claude plugins install' command. This is an expected operation for the skill's stated purpose of configuring observability tools.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage the Claude gateway service ('stop', 'install'), configure plugin settings, and read log files from ~/.claude/logs/ to verify the connection status.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface where user-provided input for API keys and endpoints is interpolated into shell commands. * Ingestion points: User input is collected for the 'USER_API_KEY' and 'USER_ENDPOINT' fields. * Boundary markers: The skill recommends verifying the 'mnfst_' prefix but does not use explicit shell-safe delimiters or escaping. * Capability inventory: The skill uses 'claude config set' to write these values to the system configuration via shell execution. * Sanitization: No sanitization of shell metacharacters is performed on user-provided strings before incorporation into commands.
Audit Metadata