clay-incident-runbook

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The runbook includes commands that decode and print secrets (kubectl get secret ... | base64 -d) and examples that set secrets via --from-literal=api-key=NEW_KEY, which would require embedding or handling actual API keys verbatim in commands/outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The runbook explicitly instructs the agent/operator to fetch and interpret a public third-party status page (e.g., "curl -s https://status.clay.com | jq") and uses that result in the decision tree to decide whether to wait or take remediation, so external public content can materially influence next actions.