social-engineering
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The
reference/social-engineering.mdfile provides executable command-line examples for launching attack frameworks such as the Social Engineering Toolkit (SET) and Gophish (e.g.,setoolkit,./gophish). - [REMOTE_CODE_EXECUTION]: The skill includes a PowerShell payload template in the 'Baiting' section of
reference/social-engineering.md(IEX (New-Object Net.WebClient).DownloadString(...)) specifically designed to download and execute arbitrary code from an attacker-controlled server. - [EXTERNAL_DOWNLOADS]: The reference documentation includes instructions for setting up and configuring external security testing tools such as
Evilginx2,Modlishka, andGophish, which are used for advanced phishing and bypassing two-factor authentication. - [DATA_EXFILTRATION]: The skill details techniques for harvesting sensitive information, including instructions for cloning websites to capture credentials and using reverse proxies to intercept session tokens via tools like
Evilginx2.
Recommendations
- AI detected serious security threats
Audit Metadata