Skills
skills/mukul975/anthropic-cybersecurity-skills/conducting-social-engineering-penetration-test/Snyk

conducting-social-engineering-penetration-test

Fail

Audited by Snyk on Apr 7, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). Although the Microsoft and Verizon links are legitimate reference pages, the collection includes official distributions of offensive phishing/MFA‑bypass tools (Evilginx2, GoPhish, SET) — legitimate projects but high‑risk download sources because they provide code, binaries, and instructions commonly abused to deploy credential‑stealing/phishing infrastructure and malware.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill content provides explicit, actionable instructions to perform phishing, credential harvesting (including cloning login pages and redirecting victims), MFA/session hijacking via Evilginx, vishing scripts to coerce secrets, physical intrusion techniques (tailgating, USB drops, rogue APs), and guidance to route captured data to attacker-controlled infrastructure — all high‑abuse behaviors enabling credential theft and data exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md (Phase 1: "OSINT and Target Profiling" and the Workflows/References sections) explicitly instructs harvesting and scraping public, user-generated sources (theHarvester, LinkedIn, Twitter/X, Facebook, GitHub, breach databases) and using that untrusted content to select targets and craft phishing/vishing/pretext campaigns, so third‑party content is ingested and directly influences decisions and actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running privileged commands (e.g., "sudo apt install gophish"), editing service/config files, and deploying tooling (Evilginx, GoPhish) to bypass security controls, which requires elevated privileges and modifies the host system state.

Issues (4)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 7, 2026, 12:39 AM
Issues
4