ebpf
Warn
Audited by Snyk on Mar 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs loading and attaching eBPF programs (bpftool, ip link set xdp ...), generating kernel BTF, and changing network/XDP behavior — all operations that require root and directly modify kernel and network state, so it pushes the agent to alter the machine.
Audit Metadata