competition-jwt-claim-confusion

Warn

Audited by Socket on Mar 31, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: the skill is internally coherent for a CTF JWT-analysis purpose and shows no install-chain or credential-exfiltration behavior, but it materially expands an AI agent's offensive security capability by teaching it how to analyze and prove JWT authentication/authorization confusion paths. The main risk is exploit-enablement, not malware or supply-chain abuse.

Confidence: 84%
Severity: 68%

Audit Metadata
Analyzed At: Mar 31, 2026, 12:17 PM
Package URL: pkg:socket/skills-sh/GALIAIS%2FCTF-Sandbox-Orchestrator%2Fcompetition-jwt-claim-confusion%2F@427c9debb1e5c8ff07d4dbcf8b674be482fc81ec