audit

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs installing packages, starting/enabling services, and adding/modifying files under /etc (audit rules, ssh, sudoers, etc.), actions that require root/sudo and change the machine's state.