GHSA-2fmp-9rvw-hc96: Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning
EnvironmentManager.listBackups() reads each backup’s _manifest.json and trusts the manifest’s path field. EnvironmentManager.pruneBackups() later passes that trusted entry.path directly to rmSync(entry.path, { recursive: true, force: true }).
An attacker who can place or modify a manifest inside data/<env>/.backups/<name>/_manifest.json can cause network-ai env backup prune --env <env> --keep <n> or any code path invoking pruneBackups() to recursively delete an arbitrary path accessible to the Network-AI process user. Confirmed in Network-AI 5.12.1.