winadmin-powershell

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs modifying machine-level PATH and environment variables, installing system packages (chocolatey/winget) and includes execution-policy bypass patterns—actions that change system state and require/encourage elevated privileges or security-workarounds, so it pushes the agent toward compromising the host.