testing-jwt-token-security

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks for a "Target JWT" and contains numerous examples that construct, print, and embed JWTs and HMAC secrets verbatim (e.g., printing forged tokens, using Authorization: Bearer in curl), so the LLM would need to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses untrusted public endpoints (see SKILL.md and scripts/agent.py's check_jwks_endpoint which requests /.well-known/jwks.json and the workflow steps that curl JKU/x5u/JWKS URLs and then use those keys to craft/forge JWTs and send forged tokens to target URLs), so attacker-controlled third‑party content is read and can directly influence the agent's actions.