syncing-memory-filesystem

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clones and syncs git repos from $LETTA_BASE_URL/v1/git//state.git into ~/.letta/.../memory and explicitly states that files under memory/system/ (system blocks) "are attached to the agent and appear in the agent's system prompt," meaning external/user-edited repo content can be ingested and thereby influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill clones/pulls the git repo at "$LETTA_BASE_URL/v1/git//state.git" at runtime and loads memory/system/*.md from that repo into the agent's system prompt, so remote content fetched from that URL directly controls the agent's prompts.