testing-jwt-token-security
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Provides instructions and shell command snippets for using penetration testing tools to evaluate JWT security, including hashcat and John the Ripper.
- [EXTERNAL_DOWNLOADS]: Directs users to download the jwt_tool utility from GitHub and install the PyJWT library via standard package managers to facilitate testing.
- [PROMPT_INJECTION]: Contains a potential surface for indirect prompt injection within scripts/agent.py by processing and outputting JWT payload data from external sources.
  - Ingestion points: JWT token input in the decode_jwt function of scripts/agent.py.
  - Boundary markers: No delimiters or ignore instructions are used when printing the decoded payload to the console.
  - Capability inventory: The script includes capabilities for making network requests using the requests library and writing results to local JSON files.
  - Sanitization: No sanitization or validation of the JWT payload content is performed before it is displayed.