detecting-container-escape-with-falco-rules

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt includes explicit privileged installation and configuration steps (sudo apt installs, systemctl enable/start, writing files under /etc, Helm installs with privileged drivers and access to containerd/docker sockets) that modify system services and system files and therefore would change the machine state.