skills/itechmeat/llm-code/vibekanban/Gen Agent Trust Hub

vibekanban

Warn

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary shell commands through user-defined 'Setup', 'Dev Server', and 'Cleanup' scripts. These scripts run in the local environment and could be misused if malicious instructions are provided.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to download and execute the vibe-kanban and vibe-kanban-web-companion packages from the npm registry at runtime.
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions for the agent to run npx -y vibe-kanban@latest --mcp, which downloads and executes a remote package as a Model Context Protocol (MCP) server.
  • [DATA_EXFILTRATION]: The 'Remote Access' feature facilitates communication with cloud.vibekanban.com, allowing remote management of local workspaces. This involves sending data to an external service to link devices and host machines.
  • [CREDENTIALS_UNSAFE]: The 'Copy Files' configuration allows copying sensitive files, specifically mentioning .env files, into agent-controlled worktrees. This increases the risk of secret exposure if an agent is compromised or performs malicious actions.
  • [PROMPT_INJECTION]: The skill explicitly instructs agents to operate in 'YOLO' mode by using flags like --dangerously-skip-permissions. This bypasses platform-level safety confirmations for autonomous tool use, removing the human-in-the-loop safety check for high-risk operations.
  • [PROMPT_INJECTION]: The skill exposes a surface for Indirect Prompt Injection (Category 8).
      • Ingestion points: Task descriptions, code review comments, and chat inputs are processed by agents to perform actions.
      • Boundary markers: No specific delimiters or instructions to ignore embedded instructions in data are provided in the skill documentation.
      • Capability inventory: The skill possesses extensive local capabilities, including shell command execution, file system access via worktrees, and git operations.
      • Sanitization: There is no documentation of sanitization or validation of untrusted inputs before they are interpolated into agent prompts.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 20, 2026, 07:54 PM