detecting-dns-exfiltration-with-dns-query-analysis

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs running privileged network captures (zeek, tcpdump), editing Suricata configuration and deploying IDS/rules and blocklists (modifying system/service configuration), actions that require root/sudo and change the machine's state.