biomni

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly states it "executes LLM-generated code with full system privileges" and enables autonomous code execution, data downloads, and external integrations (MCP/lab interfaces), which gives the agent the ability to modify the host system even though it doesn't explicitly instruct sudo, file edits, or user creation.