performing-red-team-phishing-with-gophish

This skill is purpose-aligned and uses official registry dependencies, but its purpose is itself high risk: it gives an AI agent offensive phishing automation, credential-capture capability, and email-sending workflows with real-world impact. The main concern is operational abuse, not hidden malware or deceptive supply chain behavior.

This module is an automation agent for the GoPhish phishing platform. It purposely creates phishing artifacts (email templates, credential-capturing landing pages), uploads target lists, and can launch campaigns that harvest credentials. The code is not obfuscated and contains no covert exfiltration mechanisms, but it enables high-impact malicious activity (credential theft, mass phishing). Operational security issues include disabled TLS verification, lack of input validation, plain handling of secrets, and logging that can leak sensitive identifiers. Use only in authorized, consented red-team or training contexts; otherwise treat as dangerous and avoid execution.