instantly-incident-runbook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and parse public Instantly endpoints (e.g., "curl -s https://status.instantly.com" and "curl -v https://api.instantly.com") as part of triage and the decision tree, so untrusted third‑party content can directly influence remediation actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The runbook explicitly instructs the agent to perform privileged/modifying operations (kubectl create secret, kubectl set env, rollout restarts, reading secrets, and running local scripts) that change production infrastructure and runtime state.