incident-runbook-templates

Warn

Audited by Snyk on Mar 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The runbook explicitly instructs checking and curling external public endpoints (e.g., https://sentry.io/payments, https://api.stripe.com/v1/health, status.stripe.com and public Prometheus/Grafana URLs) as part of triage and mitigation, so untrusted third‑party content is read and can materially influence incident decisions and actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The runbook includes explicit administrative commands (kubectl apply/scale/rollout undo, psql commands like pg_terminate_backend and VACUUM FULL, scripts that delete or rollback data, etc.) which, if executed by the agent, would perform privileged modifications to cluster/DB/host state and thus push the agent to change/compromise the machine state.


Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 27, 2026, 07:01 AM
Issues: 2