customizing-commands
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides guidance for writing and saving TypeScript files to the `~/.letta/mods/` directory. These scripts are intended to be registered and executed by the application to provide custom slash command functionality.
- [PROMPT_INJECTION]: The skill includes code templates that interpolate raw user input from command arguments into agent prompts (e.g., `Review current git changes. Focus on ${focus}.`). This creates a vulnerability surface for indirect prompt injection as it lacks boundary markers or input sanitization.
  - Ingestion points: User-supplied arguments in `ctx.args` (SKILL.md).
  - Boundary markers: Absent from prompt templates.
  - Capability inventory: Execution of arbitrary logic within registered mod scripts.
  - Sanitization: None provided in the implementation examples.
Audit Metadata