S³ Incident Runbook Templates

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only incident runbook template skill, but its example production commands should be reviewed before anyone runs them.

Safe to install as a template library. Treat all kubectl, psql, feature-flag, and network-policy snippets as examples only; adapt them to your environment, require human approval for production-changing actions, use least-privileged credentials, and verify targets before execution.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The runbook includes destructive database/operational actions such as terminating queries without any explicit caution, approval gate, or precondition checks. In an agent skill context, presenting these commands as routine steps can cause unsafe execution during incidents, potentially worsening outages or causing data integrity problems.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill references direct database access using environment-backed credentials and includes commands that inspect and terminate backend activity, but does not warn about secret handling, least-privilege access, or the risk of broad-impact DB operations. In practice this can normalize unsafe credential use and lead operators or agents to expose or misuse privileged access during incident response.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal