migrating-memory
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability via memory inheritance. The skill copies files from a source agent into the destination agent's
/system/memory directory. Because 'system' blocks are typically loaded directly into the agent's active context/prompt, this allows for the injection of instructions from an external source. - Ingestion points: Files are read from
/tmp/letta-memfs-<source-agent-id>and written to~/.letta/agents/$LETTA_AGENT_ID/memory/system/(SKILL.md). - Boundary markers: None present; the skill treats all migrated files as trusted data.
- Capability inventory: Use of
cpfor file system modification andletta memfs syncfor updating the agent's operational state based on those files. - Sanitization: None; the skill does not validate or sanitize the content of the memory blocks being migrated.
- [COMMAND_EXECUTION] (LOW): The skill utilizes standard shell commands (
cp,letta) to perform local file operations and interact with the Letta CLI. While these are executed in the local environment, they are used as intended for the skill's purpose.
Recommendations
- AI detected serious security threats
Audit Metadata