implementing-ransomware-kill-switch-detection

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The agent performs live DNS lookups of public kill-switch domains (check_kill_switch_domain using socket.gethostbyname in scripts/agent.py and the DNS monitoring step in SKILL.md), ingesting untrusted third-party DNS responses that are interpreted to decide whether a kill switch is active and thus can materially influence behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly directs creating OS-level artifacts and changing system behavior (global mutex vaccination, registry keys, Sysmon config, scheduled tasks, and domain sinkholing), which modify the host/endpoints and often require elevated privileges, so it advocates compromising the machine state.