incident-response

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill contains intrusive system commands (e.g., dd if=/dev/mem, writing to /evidence, tar /var/log) and containment actions that require elevated privileges and will modify the filesystem/state, so it pushes the agent toward privileged, state-changing operations.