conducting-spearphishing-simulation-campaign

Fail

Audited by Snyk on Apr 17, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content is clearly weaponized for offensive use: it provides step-by-step instructions, tools, and code to craft and deliver spearphishing attacks (credential-harvesting landing pages, HTML smuggling with embedded Base64 executables, macro/ISO/LNK payload chains, C2 callback configuration, instructions to bypass email/EDR/MFA defenses and to age/provide look‑alike domains), all of which enable credential theft, unauthorized data exfiltration, and user/system compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and ingesting public third-party web content — for example "Import Site: https://login.microsoftonline.com" in references/workflows.md and a wget to GitHub releases — and its tools (domain reputation checks, WHOIS/DNS lookups, GoPhish import workflows) expect to read and act on that untrusted site data as part of the campaign workflow, which could allow indirect prompt-injection from those pages.

Issues (2)

  • CRITICAL E006: Malicious code pattern detected in skill scripts.
  • MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 17, 2026, 10:04 AM
Issues: 2