testing-for-json-web-token-vulnerabilities

SUSPICIOUS: the skill’s behavior is internally consistent with its stated purpose, but that purpose is to equip an AI agent with offensive web-security capabilities. Install sources are mostly coherent, yet the skill facilitates intrusive actions, SSRF/injection testing, secret cracking, and token forgery, and it encourages sending sensitive JWT data to jwt.io.