ideogram-incident-runbook

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). Contains commands that decode and print stored API keys and also show embedding plaintext secrets in CLI commands (e.g., decoding the secret and --from-literal=api-key=NEW_KEY), which require handling or emitting secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The runbook explicitly instructs the agent to fetch and interpret a public third-party status page (curl -s https://status.ideogram.com) as part of triage and the decision tree, so external content can directly change remediation actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The runbook instructs the agent to perform privileged kubectl operations (reading/creating secrets, restarting deployments, setting envs) that modify production cluster state and secrets, which is a high-risk change to the machine/infrastructure the agent can control.