Phishing Attacks

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs capturing, monitoring, documenting, and reporting plaintext credentials as deliverables (e.g., "Captured credentials", "Credentials shown in plaintext", "Document captured credentials"), which would require the agent to include secret values verbatim in its outputs.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These links point to public repositories that distribute phishing and Wi‑Fi attack scripts (thelinuxchoice/shellphish, wifiphisher) and an ngrok tunnel URL that can expose live credential‑harvesting pages — legitimate for authorized testing but high‑risk if run or shared unchecked, while the Google quiz is benign.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content provides detailed, actionable instructions for credential harvesting (Shellphish), WiFi “evil twin” and deauthentication attacks (Wifiphisher), and use of remote hosting/exfiltration (ngrok), directly enabling credential theft, network compromise, and data exfiltration despite framing as “authorized” testing.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs cloning public GitHub repos (e.g., git clone https://github.com/thelinuxchoice/shellphish.git and wifiphisher), using Ngrok-hosted phishing URLs, and explicitly monitoring and displaying captured credentials ("Credentials shown in plaintext" when targets submit data), so it clearly fetches public third‑party content and expects the agent to read untrusted, user‑supplied inputs.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs installing and running offensive tools (apt installs, wifiphisher, Shellphish, deauthentication/evil-twin WiFi attacks, running servers) that require elevated privileges and perform network/system-altering actions, so it pushes the agent toward modifying the machine's state.