conducting-social-engineering-penetration-test

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill contains instructions that require elevated privileges, specifically the command sudo apt install gophish to install a phishing campaign management platform.
  • [EXTERNAL_DOWNLOADS]: The documentation references and provides links to several external tools and repositories for penetration testing, such as GoPhish, Evilginx2, and the Social Engineer Toolkit. These tools are hosted on well-known platforms like GitHub and official project sites.
  • [PROMPT_INJECTION]: The skill's reconnaissance methodology involves the ingestion of untrusted data from external sources including social media platforms, professional networks, and public code repositories using tools like theHarvester. This process creates a surface for indirect prompt injection because the agent processes external content (such as employee profiles or metadata) without explicitly mentioned sanitization or the use of boundary markers to prevent the execution of embedded instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 12:54 AM
Security Audit — agent-trust-hub — conducting-social-engineering-penetration-test