exploiting-jwt-algorithm-confusion-attack
Warn
Audited by Socket on Mar 15, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS. The skill is internally coherent as a JWT exploitation guide, but it is a high-risk offensive security skill for an AI agent: it automates token forgery, auth-bypass attempts, admin-endpoint probing, and attacker-controlled key injection. Dependency trust is mostly standard for the Python libraries, with moderate supply-chain concern around unpinned third-party tooling like jwt_tool. Not confirmed malware, but dangerous and inappropriate for general-purpose agent use.
Confidence: 92%
Severity: 90%