mistral-core-workflow-a

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Analysis of the skill instructions and code snippets reveals no malicious patterns. The skill functions as a developer guide for Mistral AI integration.
  • [CREDENTIALS_SAFE]: The provided code examples demonstrate the correct practice of accessing API keys through environment variables (process.env.MISTRAL_API_KEY) rather than hardcoding sensitive credentials.
  • [PROMPT_INJECTION]: The skill does not contain instructions that attempt to bypass AI safety filters or override agent behavior. Step 5 specifically guides developers on how to implement guardrails and use Mistral's moderation API to detect unsafe content.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the @mistralai/mistralai package, which is the official SDK for the service. No suspicious or unverified third-party dependencies are introduced.
  • [SAFE]: Regarding indirect prompt injection (Category 8): (1) Ingestion points: userInput and userMessage are passed to API calls in SKILL.md. (2) Boundary markers: Present via structured message objects ({ role: 'user', content: ... }). (3) Capability inventory: The skill examples only perform network requests to the Mistral API and do not involve shell execution or sensitive file writes. (4) Sanitization: Present; the skill explicitly demonstrates use of safePrompt: true and the client.classifiers.moderate endpoint to validate external input.

Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 02:27 PM