messaging-agents
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill establishes a mechanism for agents to send messages to one another, which inherently creates an indirect prompt injection surface.
- Ingestion points: The target agent receives arbitrary text input via the `letta` CLI commands described in `SKILL.md`.
- Boundary markers: The skill mentions a `<system-reminder>` tag which acts as a delimiter, but this is a soft boundary that does not strictly prevent instruction injection from the sender agent.
- Capability inventory: Target agents are described as having the ability to execute their own tools, access memory, perform web searches, and make API calls.
- Sanitization: There is no evidence of sanitization or escaping of the message content within the provided skill instructions.
- [COMMAND_EXECUTION] (LOW): The skill relies on executing shell commands via the `letta` CLI.
- The commands (`letta agents list`, `letta messages search`, and `letta -p`) are used for legitimate administrative and communication tasks within the Letta ecosystem.
- [SAFE] (NO_CODE): The skill contains no executable scripts or binary files, consisting entirely of metadata and instructional markdown documentation.
Audit Metadata