vibe-kanban
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses
npx vibe-kanbanto fetch and execute code from the npm registry, which allows for the execution of remote code that is not pinned to a specific version. - [COMMAND_EXECUTION]: The
scripts/mcp-setup.shscript modifies sensitive user configuration files at~/.claude/claude_desktop_config.jsonand~/.codex/config.tomlto register the application as an MCP server. - [COMMAND_EXECUTION]: The
templates/docker-compose.ymlfile includes a volume mount for/var/run/docker.sock, which grants the container full control over the host's Docker daemon and can be exploited for privilege escalation. - [EXTERNAL_DOWNLOADS]: The application establishes connections to external domains
api.vibekanban.comandvibekanban.online, which are used for remote client initialization as shown in the startup logs. - [DATA_EXFILTRATION]: The skill requests and handles sensitive API keys (e.g.,
ANTHROPIC_API_KEY,OPENAI_API_KEY,GITHUB_TOKEN) and passes them to external agent CLI tools. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted task descriptions through the UI or MCP tools and interpolates them into commands executed by powerful AI agents without sanitization or boundary markers. Capability inventory includes full file system access via git worktrees and shell command execution.
Audit Metadata