kanban-app
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill triggers
npm installto set up dependencies like Vite and React. This action downloads third-party packages from the npm registry which can execute arbitrary code on the host machine during installation via preinstall/postinstall scripts. - COMMAND_EXECUTION (MEDIUM): The skill starts a Vite development server in the background. Running persistent background processes is a security concern as it can be used to hide malicious activity or maintain unauthorized access to local resources.
- PROMPT_INJECTION (LOW): The skill reads and processes
KANBAN.md, which serves as an indirect prompt injection surface. Maliciously crafted content within the Kanban file could attempt to influence the agent's behavior during the task management process. - Ingestion points:
KANBAN.md(read/write access) - Boundary markers: Absent; the agent reads the file directly to manage cards.
- Capability inventory:
npm install, filesystem write (KANBAN.md, package.json), background process execution. - Sanitization: No sanitization of the markdown content is specified before processing.
- DATA_EXFILTRATION (SAFE): The skill operates on
localhost:5555and local files. No evidence was found of sensitive data being transmitted to external, non-whitelisted domains.
Audit Metadata