jwt-decode
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructions for parsing and displaying the contents of JSON Web Tokens. It contains no executable code, network requests, or file system operations.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted data (user-provided JWT strings). While it lacks explicit boundary markers to isolate this data, the skill has no dangerous capabilities (shell execution, network access, or file writes) that could be leveraged for an attack.
- Ingestion points: User-supplied JWT strings processed in
SKILL.md. - Boundary markers: None present.
- Capability inventory: None detected; the skill only generates text output for the user.
- Sanitization: The skill follows standard base64url decoding and JSON parsing logic.
Audit Metadata