detection

This artifact is a documentation/skill specification describing detection use cases and example usage. There is no executable implementation, no remote downloads, and no embedded network endpoints or credential-harvesting code. The primary risks are operational/hygiene: (1) examples that print sensitive telemetry which could leak data if used verbatim; (2) filesystem writes and baseline file reads that require appropriate privilege controls; and (3) the broad scope implies real implementations will need many data sources and permissions, which should be scoped carefully. Overall there is low likelihood of intentional malicious behavior in this file, but any concrete implementation derived from these examples should be reviewed for proper handling of secrets, least-privilege file access, and safe logging practices.