ideogram-incident-runbook
Fail
Audited by Snyk on Mar 24, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The runbook includes commands that decode and display Kubernetes secrets, and it shows a secret being created with a literal API key on the command line (e.g., --from-literal=api-key=NEW_KEY). Both would require an agent to read or embed secret values verbatim, which enables exfiltration.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The runbook explicitly instructs executing privileged kubectl commands that create/apply secrets, restart and reconfigure deployments, and read secret data. These operations modify production state and can expose sensitive credentials, so the runbook encourages potentially harmful state changes.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W013 (MEDIUM): Attempt to modify system services in skill instructions.