jwt_rs256_validation

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill instructs the installation of standard, well-known Python packages (python-jose and cryptography) from the official PyPI registry for cryptographic operations.
  • [SAFE]: Implements secure credential management by reading the public key from a Vault service rather than using hardcoded secrets.
  • [SAFE]: Follows security best practices by enforcing RS256 asymmetric signatures and validating essential claims such as expiration (exp) and audience (aud).
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes untrusted data (JWT tokens) from external clients.
    • Ingestion points: verify_jwt(token: str) in backend/api/middleware/auth.py accepts external strings.
    • Boundary markers: Uses the python-jose library for decoding, which acts as a structural boundary, and enforces the verify_exp and verify_aud options.
    • Capability inventory: The skill primarily performs data validation and logging; it does not directly perform dangerous operations such as spawning subprocesses with the token content.
    • Sanitization: Claim validation and signature verification are present, though the skill does not explicitly describe sanitization of the sub claim before it is added to logging contextvars.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 07:34 PM