spearphishing-simulation-governance
by LocoLoboZ
Design and govern authorized spearphishing simulations with professional reporting and stakeholder alignment.
- Generate stakeholder approval packs for Legal and HR sign-off.
- Create safe, payload-free message themes for security awareness.
- Analyze campaign metrics to produce an executive After-Action Report.
Secure checkout via Stripe
Included in download
- Generate stakeholder approval packs for Legal and HR sign-off.
- Create safe, payload-free message themes for security awareness.
- terminal automation included
- Ready for including Claude Code
See it in action
A real example of what this skill takes in and produces.
Sample input
Plan an authorised spearphishing simulation for our finance leadership team. We have CISO approval and HR awareness. Produce a governance brief, approval pack, safe theme catalogue, readiness checklist, and an after-action report template.
Sample output
The skill produces a spearphishing simulation governance brief confirming authorisation status, scope, exclusions, and success measures, a campaign approval pack with stakeholder sign-off sections for security, HR, legal, privacy, communications, and executive, a safe theme catalogue with approved message themes that test recognition and reporting without collecting credentials, an authorisation and scope readiness checklist, and an after-action report template structured around metrics, findings, awareness improvement actions, and a remediation tracker. All items without confirmed approval are clearly marked as validation points.
Design and govern authorized spearphishing simulations with professional reporting and stakeholder alignment.
Secure checkout via Stripe
Included in download
- Generate stakeholder approval packs for Legal and HR sign-off.
- Create safe, payload-free message themes for security awareness.
- terminal automation included
- Ready for including Claude Code
- Instant install
See it in action
A real example of what this skill takes in and produces.
Sample input
Plan an authorised spearphishing simulation for our finance leadership team. We have CISO approval and HR awareness. Produce a governance brief, approval pack, safe theme catalogue, readiness checklist, and an after-action report template.
Sample output
The skill produces a spearphishing simulation governance brief confirming authorisation status, scope, exclusions, and success measures, a campaign approval pack with stakeholder sign-off sections for security, HR, legal, privacy, communications, and executive, a safe theme catalogue with approved message themes that test recognition and reporting without collecting credentials, an authorisation and scope readiness checklist, and an after-action report template structured around metrics, findings, awareness improvement actions, and a remediation tracker. All items without confirmed approval are clearly marked as validation points.
About This Skill
Protect Your Organization with Ethical Phishing Simulations
Running a spearphishing simulation is a high-stakes task that requires rigorous governance, legal alignment, and clear communication. This skill provides a structured framework for security professionals to plan, govern, and report on authorized defensive simulations without the risk of creating actual harmful content.
What it does
This skill acts as a specialized governance layer for your security awareness program. It guides you through:
- Planning: Defining objectives, target populations, and exclusion rules for a safe test environment.
- Governance: Generating stakeholder approval packs for HR, Legal, and Executive teams.
- Execution Readiness: Validating that message themes are effective but safe (no credential harvesting).
- Analysis & Reporting: Transforming raw data from your simulation platform into professional After-Action Reports (AAR) and remediation trackers.
Why use this skill?
Prompting an AI yourself often leads to safety filters blocking your requests or, conversely, generating "too-realistic" content that violates corporate policy. This skill ensures your simulated campaigns remain purely for training purposes. It follows strict quality gates to ensure all activities are documented, authorized, and mapped to defensive controls, saving you hours of document preparation while maintaining a high compliance bar.
Output
The skill produces structured governance artifacts, including Campaign Briefs, Readiness Checklists, and Metrics Analyses, formatted specifically for internal security audits and stakeholder review.
Use Cases
- Generate stakeholder approval packs for Legal and HR sign-off.
- Create safe, payload-free message themes for security awareness.
- Analyze campaign metrics to produce an executive After-Action Report.
- Develop a targeting and exclusion matrix to protect sensitive personnel.
- Build a remediation tracker based on simulation performance data.
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/spearphishing-simulation-governance | tar xz -C ~/.claude/skills/Free skills install directly. Paid skills require purchase - use the download button above after buying.
Reviews
No reviews yet - be the first to share your experience.
Only users who have downloaded or purchased this skill can leave a review.
Early access skill
Be the first to review this skill.
Only users who have downloaded or purchased this skill can leave a review.
Security Scanned
Passed automated security review
Permissions
File Scopes
Tags
Works with any agent that supports the Universal SKILL.md standard, including Claude Code, Codex CLI, Cursor, VS Code Copilot, Gemini CLI, and any agent that supports the Universal SKILL.md standard. Requires user-supplied authorisation evidence and campaign context.
Creator
I design and publish skills built from real professional practice across three areas: cyber security consulting, business operations, and AI workflow engineering. My cyber security skills draw on active advisory work spanning governance, risk, compliance, assurance, and executive reporting. They are built for practitioners who need structured, defensible outputs - not generic templates. My business operations skills cover the day-to-day work of running a consulting practice: bookkeeping, financial tracking, expense reconciliation, and marketing content - designed to reduce repetitive overhead and keep outputs consistent. My AI platform and workflow skills are built for people who want to get more out of Claude and similar platforms - covering prompt engineering, skill architecture, automation pipelines, and agent enhancement. Every skill I publish has been tested in production use before it reaches the marketplace. If it is here, it works.
Frequently Asked Questions
Learn More About AI Agent Skills
More Premium Skills
designing-hybrid-context-layers
Architects the right retrieval strategy for every query — teaching your agent when to use RAG, a knowledge graph, or a temporal index instead of defaulting to vector search for everything.
consumer-motivation-analyzer
Go beyond surface-level feedback to uncover the psychological drivers and hidden motivations behind buyer behavior.
Bounty Security Pattern Master Library — 399 Vulnerability Patterns
A premium library of 399 vulnerability patterns and DeFi attack vectors for AI-driven bug hunting and security audits.
diagnosing-rag-failure-modes
RAG fails quietly. It retrieves documents, returns confident-looking answers, and misses the question entirely — because the question required connecting facts across documents, reasoning about sequence, or tracing causation. This skill gives you a five-question diagnostic checklist that classifies any failing query as either RAG-safe or structurally RAG-incompatible, then maps it to the specific failure pattern and the architectural fix that resolves it.