Claims
The skill provides a comprehensive methodology and checklist for penetration testers to identify and exploit JWT vulnerabilities (algorithm confusion, weak secrets, header injection, mobile storage issues) during security engagements.
Actual behavior
The skill acts as a static knowledge base and decision tree. It documents JWT structures, lists specific vulnerabilities with explanations, and provides references to external tools (jwt_tool, Burp Suite) and commands for mobile extraction. It does not execute code, modify files, or make network requests directly; it guides the agent/user on what to check and how.
No non-informational findings.