bulk-remove-classname
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill utilizes `npx classname-search`, which downloads and executes code from the npm registry at runtime. The package `classname-search` does not originate from a trusted organization defined in the security policy (e.g., Anthropic, Google, Microsoft, Vercel), making it an unverifiable dependency.
- [COMMAND_EXECUTION] (LOW): The skill executes multiple shell commands (`npx`, `rm`) using user-provided inputs (`<glob>`, `<class-name>`). While the instructions use single quotes to mitigate simple command injection, the execution of external tools on local files remains a risk if the tool itself has vulnerabilities.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes contents of HTML/JSX files which could contain malicious instructions.
  - Ingestion points: Files matching the user-provided `<glob>` pattern are read by the `classname-search` tool.
  - Boundary markers: Absent; there are no specific markers or instructions to ignore LLM-targeted content within the target files.
  - Capability inventory: The skill can read files, modify files (remove class names), and delete files (`rm 'verification-<class-name>.jsonl'`).
  - Sanitization: Absent; the skill does not specify any sanitization or validation of the content found within the target files before processing.
Audit Metadata