incident-responder

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill repeatedly directs containment and remediation actions that would modify host state (terminate processes, revoke credentials, isolate systems, perform shutdowns) and includes automation scripts for response, so although it claims not to perform infra changes, it encourages actions that can compromise the machine if executed.