Skills
skills/mukul975/anthropic-cybersecurity-skills/performing-red-team-phishing-with-gophish/Gen Agent Trust Hub

performing-red-team-phishing-with-gophish

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's instructions guide the user to install the gophish and requests Python packages via pip.\n- [DATA_EXFILTRATION]: The scripts/agent.py script and code examples handle sensitive information, including a GoPhish API key and target contact lists. This data is transmitted to an external server URL provided by the user via command-line arguments.\n- [SAFE]: The GoPhish API connection in scripts/agent.py and SKILL.md disables SSL certificate verification (verify=False). This is a common configuration for lab environments but represents a security trade-off.\n- [SAFE]: Indirect Prompt Injection Surface:\n
  • Ingestion points: scripts/agent.py reads target user data from CSV files.\n
  • Boundary markers: None identified in the data processing logic.\n
  • Capability inventory: Performs network operations via the gophish library and writes results to a local JSON file.\n
  • Sanitization: No input validation or sanitization is performed on the CSV contents before use.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 12:58 PM