analyzing-linux-kernel-rootkits
Warn
Audited by Snyk on Apr 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill allows supplying a Volatility ISF URL (the --isf-url argument used by run_vol3_plugin in scripts/agent.py), and the included API reference explicitly points to downloading ISF symbol tables from public GitHub. These are third-party, user-contributed files that Volatility will ingest and that can materially alter analysis results.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs privileged, state-changing operations, e.g., acquiring memory by loading the LiME kernel module and running root-level scans (the example shows sudo). These operations modify kernel/system state and require elevated privileges.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.
Audit Metadata