jwt
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found.
- DATA_EXPOSURE (SAFE): The skill uses placeholders for secrets (process.env.JWT_SECRET) and does not contain hardcoded credentials or sensitive file access.
- OBFUSCATION (SAFE): No obfuscated or encoded content (Base64, zero-width characters, etc.) was detected. The example JWT tokens are standard documentation snippets.
- REMOTE_CODE_EXECUTION (SAFE): There are no patterns for downloading and executing remote scripts or unverified packages.
- INDIRECT_PROMPT_INJECTION (SAFE): This skill defines static authentication patterns and does not ingest untrusted external data in a way that would trigger downstream vulnerabilities.
Audit Metadata