vibekanban
Fail
Audited by Snyk on Mar 12, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). This content intentionally promotes dangerous, autonomy-first behaviors—e.g., default "dangerously_skip_permissions"/"yolo" modes, MCP/remote-access hooks, editable setup/cleanup scripts, copying of .env files, and use of npx-installed remote packages—that collectively enable remote command execution, credential exposure, data exfiltration, and supply-chain abuse if misused.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly integrates with public third-party sources (GitHub/Azure PRs & issues and MCP tools like list_issues/get_issue which surface user-generated issues, and an embedded Preview/iframe for dev servers), and those external, untrusted issue/PR/webpage contents are read and used by agents as part of task/workflow and can drive actions (e.g., prefilled PRs, agent plans, or MCP-driven operations).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime commands that fetch and execute remote packages (e.g., "npx vibe-kanban" and the MCP example "npx -y vibe-kanban@latest --mcp"), which will pull and run code from the remote package/repo (e.g. https://github.com/BloopAI/vibe-kanban), so it relies on externally fetched code executed at runtime.
Issues (3)
E006 (CRITICAL): Malicious code pattern detected in skill scripts.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).