mistral-webhooks-events

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's POST endpoint and BullMQ worker (Step 2) clearly accept and enqueue arbitrary user-provided messages and callback URLs which are passed to the Mistral model and used to POST results (and Step 3's WebhookNotifier likewise sends to arbitrary URLs), so untrusted third-party input is ingested and can directly influence model behavior and subsequent outbound actions.