data-office-pro

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt instructs the agent to automatically install third‑party skills and Python/Node packages and to run system commands (npx, pip, npm, playwright, create symlinks), and even suggests using sudo for permission issues, which directs the agent to modify the host environment and fetch/execute remote code without explicit user-managed approval.