jwt-decode

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly decodes and displays the JWT header, full payload (all claims), and raw signature, which will verbatim reveal any embedded secrets, API keys, or passwords present in the token.