conducting-social-engineering-penetration-test
Fail
Audited by Snyk on Jun 27, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). These links include known offensive phishing/MFA‑bypass tools (Evilginx2, Social‑Engineer Toolkit) and a phishing platform (GoPhish) — legitimate security/pen‑test resources hosted on GitHub and vendor sites but commonly abused to distribute credential‑stealing malware and phishing infrastructure, whereas the Microsoft and Verizon links are legitimate reference sites; overall these sources are high‑risk if accessed or used outside authorized testing.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This document provides explicit, actionable instructions for credential harvesting, session/MFA bypass (Evilginx/Modlishka), phishing infrastructure, vishing and physical pretexting that enable unauthorized data exfiltration and account takeover, representing high malicious intent and abuse potential.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs installing and configuring offensive server software (e.g., "sudo apt install gophish"), setting up phishing/Evilginx infrastructure and editing server configs — actions that require sudo/elevated privileges and modify the host/network state, so it pushes the agent to compromise the machine.
Issues (3)
E005
CRITICALSuspicious download URL detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata