using-letta-api
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill exposes the 'system' parameter in the client.agents.update function within references/self-management.md. This allows for the modification of the agent's core instructions. Without boundary markers or sanitization, an agent could be manipulated via indirect prompt injection to rewrite its own identity or safety constraints.
- COMMAND_EXECUTION (HIGH): The skill provides powerful management capabilities such as client.agents.delete and the ability to create/message subagents. Malicious data processed by the agent could trigger these functions, leading to denial of service or unauthorized operations.
- EXTERNAL_DOWNLOADS (LOW): The skill relies on the 'letta-client' package. While standard for this API, it is an external dependency that must be verified.
- INDIRECT_PROMPT_INJECTION (HIGH): Mandatory Evidence Chain: 1. Ingestion points: The skill handles agent IDs, model identifiers, and system prompt strings (SKILL.md, references/subagents.md). 2. Boundary markers: Completely absent from the provided snippets. 3. Capability inventory: Includes system prompt modification, agent deletion, and inter-agent communication. 4. Sanitization: Absent; the snippets directly pass inputs to the Letta client without validation or escaping.
Recommendations
- AI detected serious security threats
Audit Metadata