testing-for-json-web-token-vulnerabilities

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides legitimate workflows and scripts for security researchers to audit JWT implementations.
  • [EXTERNAL_DOWNLOADS]: References are made to well-known security utilities (jwt_tool) and standard Python libraries (pyjwt).
  • [DATA_EXFILTRATION]: Network requests in the agent script are directed to user-specified targets for token validation.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) as it processes untrusted JWT data. Ingestion points: sys.argv[1] in agent.py. Boundary markers: Absent. Capability inventory: Network requests via requests.get and file writing in agent.py. Sanitization: Absent (outputs decoded payload directly).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 01:51 PM