implementing-jwt-signing-and-verification

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is primarily educational, providing clear instructions and reference implementations for JWT security.
  • [COMMAND_EXECUTION]: The provided scripts (agent.py and process.py) perform local operations such as cryptographic key generation, token signing, and signature verification. These are the intended functions of the skill and use standard Python libraries (hmac, hashlib, cryptography).
  • [DATA_EXPOSURE]: The agent.py script includes a security audit check that specifically looks for sensitive data (e.g., passwords, API keys) embedded within JWT claims. This is a defensive security feature.
  • [EXTERNAL_DOWNLOADS]: The skill documentation references official RFC standards, OWASP guides, and well-known libraries (PyJWT, cryptography). No suspicious or unverified external downloads were detected.
  • [PROMPT_INJECTION]: No malicious prompt injection patterns or attempts to override agent behavior were found in any of the files.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 12:39 AM