testing-for-json-web-token-vulnerabilities

SUSPICIOUS/HIGH-RISK skill. Its stated purpose is coherent, but that purpose is offensive exploitation of JWT-based authentication systems, which is inappropriate to grant an AI agent without strict oversight. Risk is elevated further by the unpinned personal-repo install for jwt_tool and by sending JWT data through third-party tooling like jwt.io. This is not confirmed malware, but it is a high-risk offensive security skill.