vibe-kanban

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the vibe-kanban server package from the NPM registry using npx. It also references official Docker images (vibekanban/vibe-kanban) for deployment. These are well-known services and essential for the skill's operation.
  • [COMMAND_EXECUTION]: To achieve task isolation, the skill orchestrates several system-level commands, including git worktree operations for branch management and calling various agent CLIs (like claude, codex, and gemini). This behavior is core to the skill's purpose as an agent manager.
  • [REMOTE_CODE_EXECUTION]: The server is launched via npx vibe-kanban, which downloads and executes code from a remote registry. While this involves executing external code, it is a standard deployment method for Node.js-based developer tools.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes task descriptions and passes them as arguments to agent CLI tools.
      • Ingestion points: Task descriptions entered via the Kanban UI or the vk_create_card MCP tool.
      • Boundary markers: Not explicitly defined in the provided scripts; the agent's internal safety filters are the primary defense.
      • Capability inventory: The skill can execute subprocesses (agent CLIs), perform file writes via Git worktrees, and initiate network operations for GitHub PR creation.
      • Sanitization: Shell scripts use standard variable quoting to prevent local command injection, though the content itself is passed to the LLM agent.
  • [CREDENTIALS_UNSAFE]: The skill manages multiple sensitive API keys (Anthropic, OpenAI, Google) and GitHub tokens. The documentation correctly instructs users to manage these via environment variables or .env files rather than hardcoding them, which aligns with security best practices.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 03:26 AM