detecting-dns-exfiltration-with-dns-query-analysis

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes instructions that modify system/network configuration and run privileged network-capture tools (editing suricata.yaml and rules, deploying firewall/DNS blocklists, isolating hosts, running tcpdump/zeek) — actions that change the machine or network state and typically require elevated privileges.