Skills
skills/trilwu/secskills/performing-social-engineering/Gen Agent Trust Hub

performing-social-engineering

Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides templates for VBA macros, HTA files, and Ducky scripts that use PowerShell's Invoke-Expression (IEX) command to download and execute code from an external server.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and execute a pre-compiled binary from a third-party repository on GitHub.
  • [DATA_EXFILTRATION]: The skill includes PHP and Python scripts designed to capture user credentials from web forms and save them to local storage files.
  • [COMMAND_EXECUTION]: The skill executes multiple offensive tools such as Gophish, SET, and BeEF to perform security testing and exploitation.
  • [CREDENTIALS_UNSAFE]: The skill includes hardcoded default administrative login credentials for the Gophish phishing framework.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 21, 2026, 01:18 AM