firecrawl-incident-runbook
Fail
Audited by Snyk on Mar 12, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The runbook includes commands that decode and print the API key and instruct creating a secret with --from-literal=api-key=NEW_KEY (requiring insertion of the raw key), which requires handling and potentially outputting secret values verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The runbook explicitly tells operators to fetch and parse public third‑party pages (e.g., "curl -s https://status.firecrawl.com | jq" in Quick Triage and use API responses like https://api.firecrawl.com) and to use those results in the decision tree to determine remediation, so untrusted external content can influence actions.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata