incident-response

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit destructive and state-changing operational commands (AWS CLI calls that revoke security group rules, delete IAM login profiles and access keys, terminate EC2 instances, delete resources, create snapshots, etc.), instructing the agent to modify or remove infrastructure and accounts rather than only providing passive guidance.