documenso-incident-runbook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The runbook (SKILL.md and references/implementation-guide.md) explicitly instructs the agent/operator to fetch and parse external Documenso endpoints (e.g., curl to https://status.documenso.com/api/v2/status.json and https://app.documenso.com/api/v2/documents...) and to read dashboard/webhook logs, which the agent would interpret to make operational decisions like enabling circuit breakers or reconfiguring services.