mistral-webhooks-events

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill implements a background job worker that can optionally send results to a callbackUrl provided in job data. This is a standard webhook pattern for event-driven architectures and is documented here as an intended architectural feature.
  • [CREDENTIALS_UNSAFE]: The skill follows security best practices by demonstrating how to access the Mistral API key via environment variables (process.env.MISTRAL_API_KEY and os.environ["MISTRAL_API_KEY"]) rather than hardcoding sensitive credentials.
  • [INDIRECT_PROMPT_INJECTION]: The skill provides patterns for processing untrusted external content, such as code for review or messages for chat completion. While no malicious patterns were detected in the skill code, the following surface analysis is provided:
      * Ingestion points: Agent message inputs, JSONL batch files, and job queue data.
      * Boundary markers: Not explicitly implemented in the provided prompt examples.
      * Capability inventory: File system access (fs.readFileSync, fs.writeFileSync), network operations (fetch), and the allowed Bash tool.
      * Sanitization: No explicit sanitization or validation of external input content is demonstrated in the code examples.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 06:44 PM