performing-cloud-native-forensics-with-falco

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs managing and deploying Falco rules in system locations (e.g., /etc/falco/custom_rules.yaml) and running Falco against host paths (and thus implies modifying system configuration and accessing privileged logs), which can change machine state and typically requires elevated privileges—so it poses a risk of compromising the host.