jwt-validate
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Node.js and Python code via the shell to perform JWT validation. It follows security best practices by passing sensitive data (JWT tokens and secrets) through environment variables rather than command-line arguments to prevent exposure in shell history.
- [EXTERNAL_DOWNLOADS]: The skill ensures that the 'jose' library is available in the Node.js environment, installing it via npm if necessary. This is a standard dependency management practice for this type of utility.
- [PROMPT_INJECTION]: No attempts to override agent behavior or bypass safety guidelines were detected. The skill's instructions are focused on providing a technical validation service.
- [DATA_EXFILTRATION]: No evidence of unauthorized data access or exfiltration. The skill uses user-provided JWKS endpoints (e.g., from well-known services like Auth0) to fetch public keys for signature verification, which is a standard part of the JWT validation workflow.
- [REMOTE_CODE_EXECUTION]: The skill executes static code defined within its own instructions using local Node.js and Python interpreters. It does not download or execute arbitrary remote scripts.
Audit Metadata