performing-jwt-none-algorithm-attack

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs capturing a live JWT (passed as a CLI argument and used to build Authorization headers and crafted tokens) and includes full bearer-token examples, which requires reading and embedding secret token values verbatim in requests/output, creating an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content provides ready-to-run tooling to craft forged JWTs (alg="none" variants and RS256→HS256 confusion) and to test endpoints for acceptance, directly enabling privilege escalation, user impersonation, and unauthorized access—functionality that is intentionally offensive and high-risk if used without explicit authorization.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (scripts/agent.py test_jwt_endpoint and the SKILL.md test_none_variants / python tool) send requests to arbitrary target URLs and ingest the HTTP responses from those third-party endpoints (untrusted public sites) and use the responses to determine whether variants are accepted, thereby letting external content materially influence the agent's decisions.