incident-responder

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs active containment and remediation steps that change system state—e.g., disabling accounts, resetting credentials, isolating/re-imaging endpoints, collecting memory/disk images and modifying access—which would require privileged actions and thus push an agent to perform state-changing, potentially privileged operations on the host.