manus
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes task results and status updates from the external Manus API (api.manus.ai), which constitutes an indirect prompt injection surface as the agent ingests content generated by an external AI service.\n
- Ingestion points:
scripts/manus_client.mjs(viagetTaskincmdStatusandcmdResult) andscripts/manus_client.py(viacmd_statusandcmd_result).\n - Boundary markers: Absent; the scripts do not use specific delimiters or instructions to wrap or isolate content received from the external API.\n
- Capability inventory: The skill has file system write capabilities (storing task artifacts in
~/.manus-skill/downloads) and network access to communicate with the Manus API.\n - Sanitization: The skill implements
safe_output_pathlogic in both JS and Python scripts to sanitize filenames and prevent directory traversal or file overwriting during download operations.
Audit Metadata