phishing-simulation-skill

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill explicitly includes credential-harvesting landing pages, targeted spear‑phishing/whaling templates, user tracking and data export capabilities—features that strongly enable credential theft and data exfiltration (high abuse potential), though there is no sign of obfuscated code, remote shells, or hidden backdoors in the provided text.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly states it will "Create spear-phishing templates using OSINT," which implies fetching and interpreting public third-party sources (social media, public websites, OSINT data) to craft templates, exposing the agent to untrusted user-generated content.