incident-response

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running responder scripts that perform privileged containment actions (service shutdowns, account disables, network isolation) and collect/modify system state (memory dumps, system config, logs), which would change the machine's state and likely require elevated privileges.