binary-hardening

This skill is a coherent, security-focused guidance document for enabling and verifying binary hardening mitigations on C/C++ projects. It requests only local operations (builds, inspections, and optional package installs) that are proportionate to the stated purpose. The main operational risks are expected and intentional: applying seccomp filters can irreversibly restrict or kill a process if the syscall allowlist is too strict, and unpinned package installs (pip/apt) are minor supply-chain hygiene risks. There are no indicators of credential harvesting, remote exfiltration, obfuscation, or hidden download-execute chains. Overall the content appears benign and appropriate for its stated aim, but users should follow normal package verification and carefully test seccomp rules in safe environments before deploying.