ReddRadar
Agent skill
phishing-simulation-skill
Phishing simulation campaign execution and analysis for security awareness assessment
Install this agent skill to your Project
npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/security-compliance/skills/phishing-simulation-skill
SKILL.md
Phishing Simulation Skill
Purpose
Execute and analyze phishing simulation campaigns to assess organizational security awareness, identify high-risk users, and measure the effectiveness of security training programs.
Capabilities
Campaign Template Generation
- Create realistic phishing email templates
- Design landing pages for credential harvesting simulations
- Generate attachment-based simulation scenarios
- Create spear-phishing templates using OSINT
- Develop pretexting scenarios
- Build multi-stage attack simulations
Campaign Execution
- Schedule and launch simulation campaigns
- Manage target user groups
- Configure sending parameters (timing, throttling)
- Handle bounce and delivery tracking
- Implement safe landing pages
- Manage campaign duration and scope
User Response Tracking
- Track email open rates
- Monitor link click rates
- Record credential submission attempts
- Track attachment opens
- Measure response times
- Identify repeat offenders
Awareness Reporting
- Generate campaign summary reports
- Create department-level breakdowns
- Produce trend analysis over time
- Compare against industry benchmarks
- Generate executive dashboards
- Export data for further analysis
Risk User Identification
- Identify users who clicked links
- Flag users who submitted credentials
- Track repeat high-risk behavior
- Score user security awareness
- Prioritize users for additional training
Training Recommendations
- Recommend targeted training modules
- Suggest remedial training assignments
- Track training completion rates
- Correlate training with behavior improvement
- Generate training effectiveness reports
Simulation Types
| Type | Description | Risk Level |
|---|---|---|
| Mass Phishing | Broad awareness testing | Low |
| Spear Phishing | Targeted attacks | Medium |
| Whaling | Executive targeting | High |
| Vishing | Voice phishing | Medium |
| Smishing | SMS phishing | Medium |
| BEC | Business email compromise | High |
Template Categories
- Password reset notifications
- IT support messages
- Package delivery notifications
- Invoice/payment requests
- HR communications
- Executive requests
- Cloud service notifications
- Social media alerts
Integrations
- KnowBe4: Security awareness training platform
- Proofpoint: Security awareness and phishing simulation
- GoPhish: Open-source phishing framework
- Cofense: Phishing defense solutions
- Microsoft Defender: Attack simulation training
Target Processes
- Security Awareness Training Program
- Human Risk Assessment
- Social Engineering Testing
- Compliance Training Verification
Input Schema
{
"type": "object",
"properties": {
"campaignType": {
"type": "string",
"enum": ["mass", "spear", "whaling", "department", "new-hire"],
"description": "Type of phishing simulation"
},
"templateCategory": {
"type": "string",
"enum": ["password-reset", "it-support", "delivery", "invoice", "hr", "executive", "cloud-service"],
"description": "Phishing template category"
},
"targetGroups": {
"type": "array",
"items": { "type": "string" },
"description": "Target user groups or departments"
},
"schedule": {
"type": "object",
"properties": {
"startDate": { "type": "string", "format": "date-time" },
"endDate": { "type": "string", "format": "date-time" },
"sendingWindow": { "type": "string" }
}
},
"difficulty": {
"type": "string",
"enum": ["easy", "medium", "hard", "expert"],
"description": "Simulation difficulty level"
},
"landingPageAction": {
"type": "string",
"enum": ["awareness", "training-redirect", "credential-capture"],
"description": "Action when user clicks link"
},
"customTemplate": {
"type": "string",
"description": "Path to custom template file"
}
},
"required": ["campaignType", "targetGroups"]
}
Output Schema
{
"type": "object",
"properties": {
"campaignId": {
"type": "string"
},
"campaignType": {
"type": "string"
},
"executionPeriod": {
"type": "object",
"properties": {
"startDate": { "type": "string" },
"endDate": { "type": "string" }
}
},
"targetSummary": {
"type": "object",
"properties": {
"totalTargets": { "type": "integer" },
"emailsSent": { "type": "integer" },
"emailsDelivered": { "type": "integer" },
"bounced": { "type": "integer" }
}
},
"results": {
"type": "object",
"properties": {
"emailsOpened": { "type": "integer" },
"openRate": { "type": "number" },
"linksClicked": { "type": "integer" },
"clickRate": { "type": "number" },
"credentialsSubmitted": { "type": "integer" },
"submissionRate": { "type": "number" },
"attachmentsOpened": { "type": "integer" },
"reportedPhishing": { "type": "integer" },
"reportRate": { "type": "number" }
}
},
"departmentBreakdown": {
"type": "array",
"items": {
"type": "object",
"properties": {
"department": { "type": "string" },
"clickRate": { "type": "number" },
"riskScore": { "type": "number" }
}
}
},
"highRiskUsers": {
"type": "array",
"items": {
"type": "object",
"properties": {
"userId": { "type": "string" },
"actions": { "type": "array" },
"repeatOffender": { "type": "boolean" }
}
}
},
"trainingRecommendations": {
"type": "array",
"items": {
"type": "object",
"properties": {
"userGroup": { "type": "string" },
"recommendedModules": { "type": "array" },
"priority": { "type": "string" }
}
}
},
"benchmarkComparison": {
"type": "object",
"properties": {
"industryAvgClickRate": { "type": "number" },
"organizationClickRate": { "type": "number" },
"performanceRating": { "type": "string" }
}
}
}
}
Usage Example
skill: {
name: 'phishing-simulation-skill',
context: {
campaignType: 'mass',
templateCategory: 'password-reset',
targetGroups: ['all-employees'],
difficulty: 'medium',
landingPageAction: 'awareness'
}
}
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
a5c-ai/babysitter
gsd-tools
Central utility skill for GSD operations. Provides config parsing, slug generation, timestamps, path operations, and orchestrates calls to other specialized skills. Acts as the unified entry point that the original gsd-tools.cjs provided via its lib/ modules (commands, config, core, init).
a5c-ai/babysitter
model-profile-resolution
Resolve model profile (quality/balanced/budget) at orchestration start and map agents to specific models. Enables cost/quality tradeoffs by selecting appropriate AI models for each agent role.
a5c-ai/babysitter
verification-suite
Plan structure validation, phase completeness checks, reference integrity verification, and artifact existence confirmation. Provides the structured verification layer ensuring GSD artifacts are well-formed and complete.
a5c-ai/babysitter
state-management
STATE.md reading, writing, and field-level updates. Provides cross-session state persistence via .planning/STATE.md with structured fields for current task, completed phases, blockers, decisions, and quick tasks.
a5c-ai/babysitter
git-integration
Git commit patterns, formats, and conventions for GSD methodology. Provides atomic commits per task, structured commit messages, planning file commits, branch management, and milestone tag operations.
a5c-ai/babysitter
frontmatter-parsing
YAML frontmatter parsing and manipulation for .planning/ documents. Provides read, write, update, query, and validation operations on frontmatter blocks in GSD markdown artifacts.
Didn't find tool you were looking for?