mistral-webhooks-events
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The skill implementation patterns include network operations to external, user-defined URLs.
  - Step 2 and Step 3 demonstrate the use of `fetch` to send data to a `callback` URL provided in a request payload. While this is the intended functionality for webhooks, it represents a pattern that allows network requests to arbitrary external domains.
- [PROMPT_INJECTION]: The skill exhibits surfaces for indirect prompt injection.
  - Ingestion points: The skill defines an API endpoint and a background job queue (Step 2) that ingest untrusted data from request bodies, specifically `body.messages` and `body.callback`.
  - Boundary markers: The provided code examples do not include delimiters or specific instructions to isolate untrusted user input from the broader application context.
  - Capability inventory: The skill patterns involve network operations via `fetch` and interactions with the Mistral AI API for message completion and streaming.
  - Sanitization: The examples do not demonstrate validation of the user-provided `callback` URL or sanitization of the input messages.
Audit Metadata