performing-insider-threat-investigation

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt instructs intrusive, privileged actions—forensic imaging, keystroke logging, screen/session recording, network capture and installing/using endpoint monitoring tools—that would require elevated privileges and can modify or install components on the host, so it strongly encourages operations that change or compromise the machine state.