finding-agents
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill relies on the 'letta' command-line interface to perform agent discovery and retrieval. This is the primary function of the skill and occurs within the expected environment.
- [DATA_EXFILTRATION] (LOW): Using the '--include-blocks' option allows the skill to retrieve 'agent.blocks', which contains the internal memory of other agents. This could expose sensitive information or private data to the requesting agent.
- [PROMPT_INJECTION] (LOW): Risk of Indirect Prompt Injection.
  1. Ingestion points: The skill ingests untrusted data from the server in the form of agent names, descriptions, and tags.
  2. Boundary markers: There are no markers or instructions provided to the agent to ignore potentially malicious instructions embedded in these fields.
  3. Capability inventory: The agent can list all agents and read memory contents.
  4. Sanitization: The skill does not implement any validation or sanitization of the metadata retrieved from the Letta server before it is processed.
Audit Metadata