letta-configuration
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill includes examples that embed API keys directly in code, CLI flags, and curl/JSON payloads (e.g., api_key="sk-your-key-here", --api-key sk-..., and a curl POST with "api_key"), which requires the LLM to handle and potentially emit secret values verbatim, creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly allows configuring and auto-discovering models from arbitrary external provider APIs and custom endpoints (e.g., model_endpoint/base_url in references/custom-endpoints.md, OPENAI_BASE_URL in references/environment_variables.md, and provider creation via scripts/setup_provider.py), so the agent will fetch and interpret content returned by untrusted third-party endpoints.