go-jwt
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements JWT signing and verification using the industry-standard `github.com/golang-jwt/jwt/v5` library.
- [SAFE]: Implements explicit algorithm validation in the parser to prevent JWT algorithm confusion attacks, ensuring the token's algorithm header matches the server's expected configuration.
- [SAFE]: Uses the cryptographically secure `crypto/rand` package for generating unique token IDs.
- [SAFE]: Provides comprehensive security documentation regarding HMAC secret lengths, payload sensitivity, and token logging risks.
- [SAFE]: Hardcoded cryptographic keys in `examples.md` are clearly isolated within unit tests and explicitly labeled as "test only", posing no risk to production environments.