importing-chatgpt-memory

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from ChatGPT export files, which contains user-controlled conversation history. This represents an indirect prompt injection surface where malicious instructions could be embedded in the data being processed.
      • Ingestion points: ChatGPT conversation JSON shards (processed via scripts such as scripts/extract-saved-memory.py and scripts/render-conversation.py).
      • Boundary markers: Absent. The rendered output does not use unique delimiters to separate untrusted content from system instructions.
      • Capability inventory: The skill can write to active system memory (system/human.md), perform git operations, and dispatch subagents with shell capabilities.
      • Sanitization: Absent. The scripts perform text normalization but do not sanitize for potential prompt injection patterns.
  • [COMMAND_EXECUTION]: The skill executes local Python scripts and shell commands to manage the import process.
      • Evidence: scripts/export-transcripts.py uses subprocess.run to execute the local render-conversation.py script using the current Python interpreter.
      • Evidence: SKILL.md instructs the agent to run git commands for version control of the memory directory and to dispatch subagents with shell access for parallel processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 06:37 AM