performing-initial-access-with-evilginx3

Result: Fail

Audited by Snyk on Apr 21, 2026

Risk Level: CRITICAL

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). This skill instructs the agent to capture, extract, export, import, and document session cookies, usernames/passwords, and authentication tokens. These operations require handling and outputting secret values verbatim, which carries a high exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). The GitHub URL is high-risk because it hosts EvilGinx, an adversary-in-the-middle phishing framework that can capture credentials and session tokens and is commonly abused. The "legitimate-site.com" redirect domain is a generic placeholder that is not obviously malicious on its own but can be abused in phishing flows; taken together, the two indicate a suspicious download/use context.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content explicitly documents and automates adversary-in-the-middle phishing (EvilGinx3), including lookalike domain registration, lure creation, delivery integration (GoPhish), session/token capture, cookie export/import, and post-access persistence, directly facilitating credential theft, MFA bypass, session hijacking, and account takeover.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's workflow and scripts explicitly ingest untrusted, public phishlet and session data (e.g., SKILL.md instructs cloning the EvilGinx GitHub repo, and scripts/agent.py's parse_phishlet and analyze_session_log read phishlet YAMLs and session logs). Those external, user-generated files are parsed and used to determine capabilities and detection rules, so third-party content can materially influence agent decisions and actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs installing and running EvilGinx3 with sudo, configuring server DNS/SSL and persistent services (privileged operations), and guiding session-hijacking actions. These instructions require and encourage modifying host/system state with elevated privileges.

Issues (5)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 21, 2026, 12:22 AM
Issues: 5