performing-phishing-simulation-with-gophish

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This content is a dual-use phishing simulation toolkit that explicitly automates creating campaigns, cloning landing pages, and capturing credentials via the GoPhish API (directly enabling credential theft and large-scale phishing operations), so it presents a high abuse risk even though there are no hidden backdoors, obfuscated payloads, or covert third-party exfiltration routines in the code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly imports and clones arbitrary external webpages (untrusted third-party content) as part of its workflow—see SKILL.md Step 4 ("Clone legitimate login page using GoPhish's import feature") and the import_site(url) API call in scripts/process.py—which causes the agent to fetch and incorporate external HTML that can influence campaign creation and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's deploy instructions explicitly download and run the GoPhish binary from https://github.com/gophish/gophish/releases/latest/download/gophish-v0.12.1-linux-64bit.zip (wget + unzip + ./gophish), which fetches remote code and executes it as a required dependency.