The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill executes arbitrary shell commands defined in a repository's manifest file, allowing external repository content to execute code on the host system.
Evidence: In scripts/vibe.js, the cmdPreviewStart function reads the preview.command property from a tracked .vibe.json file.
Evidence: This command is passed to startBackground, which executes it using bash -lc, providing a direct path for repository-controlled code execution.
[COMMAND_EXECUTION]: The CLI tool performs sensitive system modifications and executes background processes.
Evidence: cmdSetup modifies the core.hooksPath git configuration to point to .githooks, which can be used to execute arbitrary scripts tracked in the repository during git operations.
Evidence: startBackground uses child_process.spawn to run commands in a detached shell with redirected output to log files.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the repo manifest file.
Ingestion points: scripts/vibe.js reads configuration from .vibe.json using the loadManifest function.
Boundary markers: None. The command string is loaded and used without delimiters or warnings.
Capability inventory: The skill can execute arbitrary shell commands via spawn, modify git configurations, and open network tunnels via ngrok.
Sanitization: No validation or sanitization is performed on the command string before shell execution.
[EXTERNAL_DOWNLOADS]: The skill relies on and interacts with external network tunneling services.
Evidence: scripts/vibe.js checks for the presence of ngrok and executes it to create public URLs for local services.

vibe-coding