creating-letta-code-channels
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill provides a local utility script,
scripts/scaffold-user-channel-plugin.ts, to automate the creation of channel plugin templates. The script implements input validation using a strict alphanumeric regex for channel IDs to prevent directory traversal and avoids name collisions with reserved system IDs. - [SAFE]: File system operations are scoped to the user's home directory (~/.letta/channels), which is the standard configuration path for the Letta ecosystem.
- [COMMAND_EXECUTION]: The skill instructions include a command to run the local scaffolding script using
npx tsx. This is a standard development workflow for generating project skeletons and does not involve downloading untrusted remote code. - [SAFE]: The documentation provides security recommendations for developers, specifically regarding the prevention of sensitive data leaks when bridging agents to public communication channels.
Audit Metadata