incident-runbook-templates

Warn

Audited by Snyk on Apr 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The SKILL.md runbook explicitly instructs checking and curling public third-party endpoints (e.g., https://sentry.io/payments, https://api.stripe.com/v1/health, status.stripe.com) as part of the incident workflow, so untrusted external content could be read and influence mitigation/next-action decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The runbook contains many explicit, privileged operational commands (kubectl rollout/scale/apply, psql pg_terminate_backend/VACUUM FULL, DB rollbacks, creating NetworkPolicy, writing to .claude/context/memory files, etc.) that would modify production/host state if executed by an agent with credentials, so it encourages changing the machine/cluster state.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 10, 2026, 10:51 PM
Issues: 2