executing-phishing-simulation-campaign

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt directs collection, review, and testing of captured credentials and session tokens (e.g., credential harvesting, testing credentials against real systems), which requires the agent to handle and potentially output secret values verbatim, creating a direct exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content provides explicit, actionable instructions and tooling to construct phishing infrastructure and harvest credentials (typosquatting domains, credential-harvesting landing pages, SMTP/sending profiles, and mentions of MFA-bypassing tools like Evilginx2), which are high-risk and can be directly abused for unauthorized credential theft and data exfiltration.