exploiting-jwt-algorithm-confusion-attack

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The agent.py script is a processing point for untrusted data: it accepts JWT tokens via the --token argument and arbitrary JSON via the --payload argument. An attacker supplying a maliciously crafted JWT could attempt an indirect prompt injection if an AI agent automatically treats the script's analysis output as instructions.
  • Ingestion points: --token and --payload command-line arguments in scripts/agent.py.
  • Boundary markers: Absent; the script decodes and prints payload content directly.
  • Capability inventory: The script performs cryptographic signing and local file I/O (reading public keys and writing JSON reports).
  • Sanitization: The script uses standard json.loads() and base64 decoding, which prevent direct execution but do not filter the content for natural-language instructions.
  • [EXTERNAL_DOWNLOADS]: The documentation and prerequisites section lists several external Python libraries (PyJWT, cryptography, requests) and security tools (jwt_tool) required for the skill's operation. These are standard industry tools but require installation from external repositories.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 08:31 AM