letta-fleet-management
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The mcp_servers configuration in fleet-config.md allows execution of arbitrary system commands through the command and args fields, which is a high-risk vector if configuration files are sourced from untrusted inputs.
- [REMOTE_CODE_EXECUTION] (HIGH): Agent tools can be defined using raw Python source code or loaded from the local filesystem, enabling the execution of unverified scripts within the host environment.
- [CREDENTIALS_UNSAFE] (HIGH): The documentation explicitly handles sensitive credentials such as SUPABASE_SERVICE_ROLE_KEY and LETTA_API_KEY, which could lead to administrative resource compromise if mismanaged.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection through data ingestion. 1. Ingestion points: local filesystem and Supabase storage buckets; 2. Boundary markers: none; 3. Capability inventory: arbitrary shell command execution and Python tool execution; 4. Sanitization: absent.
- [REMOTE_CODE_EXECUTION] (CRITICAL): Automated scanners identified a confirmed malicious blacklisted URL within the support.md prompt file, indicating a high-risk threat vector.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata