youtube-thumbnail

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (low risk: 0.30). The skill writes and executes a Python script on-host, installs Python packages (notably using --break-system-packages), probes local services and binaries, and reads user config/env (e.g. ~/.gemini, API keys), so it performs filesystem and runtime changes and can access sensitive local data, but it does not request sudo, modify privileged system files (systemd/ssh/etc.), or create users — therefore risk is present but not high-severity.