jwt-encode

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks for the user's secret/key to sign JWTs and provides example commands that embed the secret in inline env vars and uses the secret to generate output, so the agent would need to receive and could output secret values verbatim.