vibe-kanban
Fail
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The recommended execution command 'npx vibe-kanban' fetches and executes code directly from a remote package registry at runtime without version pinning or integrity verification.
- [COMMAND_EXECUTION]: The 'templates/docker-compose.yml' file includes a volume mount for '/var/run/docker.sock'. This is a high-risk configuration that allows the container to control the host's Docker daemon, effectively providing root-level access to the host machine.
- [COMMAND_EXECUTION]: The 'scripts/mcp-setup.sh' script automates the modification of user-level configuration files such as '/.claude/claude_desktop_config.json' and '/.codex/config.toml'. While intended for integration, modifying security-sensitive configuration files is a persistence-like behavior.
- [DATA_EXFILTRATION]: The application communicates with a remote API at 'https://api.vibekanban.com'. The skill documentation indicates this is for remote client initialization, which may involve sending local project metadata or task details to an external server.
- [PROMPT_INJECTION]: The skill possesses a significant surface for indirect prompt injection. It accepts arbitrary markdown descriptions for tasks which are then processed by AI agents with extensive capabilities, including bash execution and file system access within git worktrees. The evidence chain includes:
  - Ingestion points: Task description field in 'vk_create_card' (documented in 'references/mcp-api.md').
  - Boundary markers: None identified in the provided templates or scripts.
  - Capability inventory: Full shell execution via 'bash', 'git', and agent-specific CLI tools.
  - Sanitization: No evidence of sanitization for the task input before it is passed to the agent execution command.
- [EXTERNAL_DOWNLOADS]: The skill instructions and scripts ('scripts/start.sh', 'templates/docker-compose.yml') pull external resources including npm packages and Docker images from third-party repositories.
Recommendations
- AI detected serious security threats
Audit Metadata