performing-red-team-phishing-with-gophish
Audited by Socket on Apr 7, 2026
2 alerts found:
Security / Malware
SUSPICIOUS: the skill is internally consistent with GoPhish automation, but its actual function is to give an AI agent offensive phishing capability with campaign launch, credential-capture setup, and result analysis. Official package sources reduce supply-chain concern, but disabled TLS verification and autonomous real-world phishing actions make this a high-risk security skill.
This module is an automation agent for the GoPhish phishing platform. It purposely creates phishing artifacts (email templates, credential-capturing landing pages), uploads target lists, and can launch campaigns that harvest credentials. The code is not obfuscated and contains no covert exfiltration mechanisms, but it enables high-impact malicious activity (credential theft, mass phishing). Operational security issues include disabled TLS verification, lack of input validation, plain handling of secrets, and logging that can leak sensitive identifiers. Use only in authorized, consented red-team or training contexts; otherwise treat as dangerous and avoid execution.