skills/mukul975/anthropic-cybersecurity-skills/performing-phishing-simulation-with-gophish/Gen Agent Trust Hub
performing-phishing-simulation-with-gophish
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions and scripts download the GoPhish binary from its official project repository on GitHub.
- [COMMAND_EXECUTION]: The workflow requires the user to grant execution permissions to and run the downloaded GoPhish binary on the host system.
- [PROMPT_INJECTION]: The skill features an indirect prompt injection surface due to its ingestion of untrusted external data from CSV files and raw email imports for campaign targets and templates.
  - Ingestion points: Target lists are imported from user-provided CSV files in the scripts/process.py script.
  - Boundary markers: Ingested data is not isolated with specific delimiters or safety instructions.
  - Capability inventory: The skill has the capability to perform network requests and manage active phishing infrastructure via the requests library.
  - Sanitization: No explicit input validation or sanitization is performed on the content imported from external files before it is processed by the simulation framework.