creating-letta-code-channels

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests untrusted, user-generated platform messages via dynamic user channel plugins (see SKILL.md core workflow step 6 and references/user-plugins.md which require calling adapter.onMessage with inbound messages from public channels) and even warns that public-channel posts can leak tool prompts and invite forged “approve” replies, so third-party content is read and can drive agent actions.