searching-messages

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The letta messages search and letta messages list commands pull data from past conversation logs, which are untrusted ingestion points.
      • Ingestion points: Conversation content retrieved by the letta CLI tool in SKILL.md.
      • Boundary markers: Absent; the documentation does not suggest using delimiters or 'ignore embedded instructions' prompts to isolate retrieved history from current instructions.
      • Capability inventory: The retrieved data is used to 'recall context', directly influencing the agent's reasoning and future responses.
      • Sanitization: Absent; there is no evidence of filtering or sanitizing the content of past messages before they are added back into the active context window.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 09:43 PM