The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The workflow in SKILL.md includes cloning the jwt_tool repository from https://github.com/ticarpi/jwt_tool.git. This source is not categorized as a trusted vendor.
[REMOTE_CODE_EXECUTION]: The skill instructs the user to execute the cloned script jwt_tool.py using Python, which represents execution of code downloaded from an external source.
[COMMAND_EXECUTION]: The skill requires the use of several CLI tools including pip, git, openssl, hashcat, and john the ripper to perform its security testing functions.
[DATA_EXFILTRATION]: Both the agent.py script and the manual workflow involve making network requests to external domains (e.g., via curl or Python requests). While intended for application testing, these capabilities could be redirected to unauthorized external endpoints.
[PROMPT_INJECTION]: The skill has a surface for indirect prompt injection. 1. Ingestion points: JWT tokens are ingested through command-line arguments in agent.py and via the instructions in SKILL.md. 2. Boundary markers: The skill does not employ delimiters or specific warnings to ignore instructions embedded within the tokens. 3. Capability inventory: The agent script has the ability to perform network requests and write to the filesystem. 4. Sanitization: No sanitization or validation of the token payload is performed beyond standard JSON decoding.

testing-for-json-web-token-vulnerabilities