jwt-backend
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices by explicitly prohibiting 'alg: none' tokens and requiring developers to whitelist accepted algorithms during token verification.
- [SAFE]: It provides high-quality guidance on token architecture, recommending short-lived access tokens and rotated refresh tokens to minimize the impact of token theft.
- [SAFE]: The instructions include robust validation steps (checking 'iss', 'aud', and 'exp' claims) and secure storage recommendations (HttpOnly cookies) that mitigate the impact of common web vulnerabilities like XSS.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected in the skill instructions.