skills/mukul975/anthropic-cybersecurity-skills/performing-jwt-none-algorithm-attack/Gen Agent Trust Hub
performing-jwt-none-algorithm-attack
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a command-line utility, 'agent.py', for automating JWT security tests. It correctly uses 'argparse' to handle user-provided tokens and target URLs.
- [EXTERNAL_DOWNLOADS]: The skill references established libraries, 'requests' and 'PyJWT', for its core operations. These are standard dependencies for security testing tools.
- [PROMPT_INJECTION]: The skill processes external data, establishing a surface for potential indirect prompt injection. 1. Ingestion points: URLs and tokens are accepted as CLI arguments. 2. Boundary markers: The script output does not use delimiters to isolate data from target servers. 3. Capability inventory: The script can perform network requests and read files. 4. Sanitization: Basic truncation is applied to server responses, but there is no specific filtering for embedded instructions.
Audit Metadata