performing-service-account-audit

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs active, state-changing operations—disabling accounts, rotating credentials, converting accounts to gMSA and reducing privileges—across AD/cloud/databases, which would modify infrastructure and require elevated privileges, so it pushes the agent to change system state.