testing-for-json-web-token-vulnerabilities

Fail

Audited by Snyk on Mar 15, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt repeatedly instructs embedding JWTs and HMAC secrets verbatim in commands and headers (e.g., curl -H "Authorization: Bearer <FORGED_TOKEN>", jwt_tool -p "discovered_secret", and examples showing discovered secrets), which would require an agent/LLM to handle and output secret values directly, creating exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 1.00). The instructions reference multiple attacker-controlled endpoints (e.g., attacker.com/key, attacker.com/.well-known/jwks.json, attacker.com/cert.pem) used to host keys, certificates and JWKS documents for token attacks, which indicates a malicious distribution or command-and-control source. The referenced GitHub repository may be legitimate tooling, but that does not mitigate the clear risk posed by the attacker-controlled URLs.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This repository is an explicit offensive JWT exploitation guide and toolkit (token forging, brute-forcing HMAC secrets, alg confusion, kid/JKU/X5U injection, SSRF and SQLi payloads, hosting attacker JWKS) that provides step-by-step instructions and code to achieve authentication bypass and privilege escalation, so it is intentionally enabling malicious abuse (dual-use but clearly offensive).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's workflow (SKILL.md Step 3 and Step 5) explicitly instructs fetching and using public keys from arbitrary JWKS endpoints (e.g., curl http://target.com/.well-known/jwks.json and pointing jku/x5u to attacker-controlled URLs) and scripts/agent.py also performs HTTP requests to a provided base_url, so the agent will ingest untrusted remote JWKS/API responses that can directly influence token-forging actions.

Issues (4)

W007 (HIGH): Insecure credential handling detected in skill instructions.
E005 (CRITICAL): Suspicious download URL detected in skill instructions.
E006 (CRITICAL): Malicious code pattern detected in skill scripts.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 15, 2026, 01:52 PM
Issues: 4