optimize-runbook

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs reading a token from ~/.config/jetty/token and embedding it into curl Authorization headers (e.g., -H "Authorization: Bearer $TOKEN"), which requires the agent to handle and could cause it to output secret values verbatim in commands/requests.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests trajectory data and output files from the Jetty API (e.g., curl calls to https://flows-api.jetty.io/api/v1/db/trajectory/... and /api/v1/file/...), which are user-generated/untrusted run outputs that the agent must read and interpret to drive analysis and automatic runbook edits (Steps 2–5), so untrusted third-party content can materially influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill issues runtime curl requests to https://flows-api.jetty.io (e.g. https://flows-api.jetty.io/api/v1/db/trajectories/... and https://flows-api.jetty.io/api/v1/db/trajectory/... and https://flows-api.jetty.io/api/v1/file/...) to fetch trajectory and file content that the agent consumes to drive its analysis and produce runbook edits, making this an external runtime dependency that directly controls the agent's behavior.