fireflies-incident-runbook

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The runbook contains commands that decode and display Kubernetes secrets (kubectl get secret ... | base64 -d) and examples that embed API keys (--from-literal=api-key=NEW_KEY), which would require the agent to handle or emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The runbook explicitly instructs the agent/operator to fetch and interpret a public third-party status page (e.g., "curl -s https://status.fireflies.com" in Quick Triage and the Decision Tree) and to base remediation decisions on that content, which could allow malicious or unexpected content from that public site to influence actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). Contains explicit commands that modify production state (kubectl create secret, kubectl set env, kubectl rollout restart, etc.) which perform privileged changes to infrastructure and thus push the agent to alter the machine/cluster state.