performing-ransomware-incident-response

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly uploads and relies on responses from public third-party sites (e.g., the SKILL.md Step 1 curl POST to id-ransomware.malwarehunterteam.com and references to NoMoreRansom/Kaspersky/Emsisoft decryptor pages) and the agent is expected to read/interpret that untrusted, user-supplied identification/decryptor information to drive variant identification and subsequent containment/recovery actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt instructs the agent to run numerous privileged, state-changing operations (iptables rules, firewall commits, registry edits, vssadmin, file deletions, backup restores, terraform/packer, service containment) that require root/administrator access and modify system configuration and files.