Phishing Attacks

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill provides instructions to download code from untrusted repositories: github.com/thelinuxchoice/shellphish and github.com/wifiphisher/wifiphisher. Neither the author nor the repositories are on the Trusted External Sources list.
  • [REMOTE_CODE_EXECUTION] (HIGH): The workflow involves cloning external repositories and immediately executing scripts (./shellphish.sh) or installing them (python setup.py install). This represents a 'download then execute' pattern, which is a high-severity RCE risk.
  • [COMMAND_EXECUTION] (MEDIUM): The skill frequently uses administrative commands such as chmod 744 to make downloaded scripts executable and apt install to modify the system environment.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The combination of high-privilege execution capabilities and interaction with untrusted external data creates a Tier 1 (HIGH) vulnerability surface.
      • Ingestion points: The skill is designed to process external inputs during phishing simulations (e.g., victim interaction via shellphish or wifiphisher).
      • Boundary markers: No boundary markers or sanitization instructions are present to prevent the agent from obeying instructions embedded in the 'captured' data.
      • Capability inventory: The agent is granted the ability to execute shell scripts and perform network operations.
      • Sanitization: There is no evidence of sanitization for the data being processed from external sources.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:33 PM