performing-cloud-native-forensics-with-falco

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill tells the agent to deploy and manage Falco rules (including writing/using /etc/falco/custom_rules.yaml and interacting with the Falco gRPC API), which implies modifying system configuration files that likely require elevated privileges and thus can change the machine's state.