conducting-social-engineering-penetration-test

Fail

Audited by Snyk on Mar 15, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). These are mostly legitimate, well-known project/vendor pages (GitHub, Verizon, GoPhish, Microsoft) but several (Evilginx2, Social‑Engineer Toolkit, GoPhish) are dual‑use phishing frameworks distributed from reputable hosts and are commonly abused to harvest credentials/MFA or deliver malicious payloads, so they are not directly malware-hosting sites but represent a meaningful abuse risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content provides explicit, actionable instructions to perform credential theft (phishing landing pages, credential capture, redirecting victims), MFA bypass (Evilginx reverse-proxy phishlets), email/domain spoofing (lookalike domains, DKIM/SPF setup), social-engineering scripts (vishing/smishing) to elicit PII, and physical-intrusion tactics (tailgating, USB drops, rogue APs) — all deliberate abuse patterns enabling unauthorized access and data exfiltration despite being framed as authorized testing.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md Phase 1 "OSINT and Target Profiling" explicitly instructs using public OSINT tools (theHarvester, LinkedIn/social media scraping, GitHub, HaveIBeenPwned) to harvest and interpret user-generated public web content to build targets and pretexts, so untrusted third‑party content is ingested and can directly influence campaign actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). Flagged: the prompt explicitly instructs installing and configuring server software using sudo (e.g., "sudo apt install gophish"), editing service/configuration files, and running tools like Evilginx and GoPhish that modify system state and require elevated privileges or enable bypassing security controls.

Issues (4)

E005 (CRITICAL): Suspicious download URL detected in skill instructions.

E006 (CRITICAL): Malicious code pattern detected in skill scripts.

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 15, 2026, 09:04 AM
Issues: 4