disk-forensics-evasion

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content explicitly documents actionable anti‑forensics and red‑team tactics — secure deletion, timestomping, USN/VSS/journal/event-log/Prefetch/Amcache removal, in‑memory execution and remote payload download+eval — which are clear, practical instructions for concealing unauthorized access and destroying forensic evidence, and therefore present a high misuse risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs destructive and state-changing operations (shred/sdelete, fsutil usn deletejournal, wevtutil cl, vssadmin delete shadows, editing /etc/passwd+shadow, registry deletions, etc.) that modify system files and require elevated/System privileges, so it pushes the agent to compromise the host state.