jwt-encode
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes shell commands using
node -e,python3 -c, andopensslto sign JWT payloads. - [EXTERNAL_DOWNLOADS]: The skill downloads and installs the 'jose' package from the official NPM registry if it is not detected in the environment.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by interpolating user-provided claims directly into shell command templates without validation.
- Ingestion points: Claims and payload data provided by the user in
SKILL.md. - Boundary markers: Absent; data is placed directly into script strings.
- Capability inventory: Shell command execution (Node.js, Python, OpenSSL) as defined in
SKILL.md. - Sanitization: No escaping or validation is performed on the input claims before they are passed to the shell.
- [SAFE]: The skill uses environment variables (
JWT_SECRET) to handle sensitive keys, which prevents exposure in system process lists or shell history.
Audit Metadata