detecting-container-runtime-threats-with-falco
Warn
Audited by Snyk on Jun 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running sudo commands, modifying system files (e.g., /etc/apt/sources.list.d, /etc/falco/ rules), enabling systemd services, configuring kernel drivers, deploying DaemonSets and privileged containers — all actions that change host/cluster state and require elevated privileges, so it can materially alter or compromise the machine.
Issues (1)
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata