vibe-kanban

Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The provided templates/docker-compose.yml file mounts the host machine's Docker socket (/var/run/docker.sock) into the container. This configuration allows the container to communicate directly with the host's Docker daemon, enabling potential host system compromise or privilege escalation.
  • [COMMAND_EXECUTION]: The scripts/mcp-setup.sh script programmatically modifies configuration files in the user's home directory, specifically targeting ~/.claude/claude_desktop_config.json and ~/.codex/config.toml to inject MCP server settings. This represents a significant modification of the local software environment.
  • [REMOTE_CODE_EXECUTION]: The skill promotes the use of npx vibe-kanban for immediate execution. This pattern downloads and executes the latest version of a package from the NPM registry at runtime, introducing a risk of supply chain attack if the remote package is compromised.
  • [DATA_EXFILTRATION]: The skill's backend is configured to communicate with https://api.vibekanban.com for remote client initialization. It also manages and exports highly sensitive API keys (ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY) required for the orchestrated agents to function.
  • [COMMAND_EXECUTION]: The skill performs automated filesystem and version control operations, including the creation and deletion of git worktrees and branches (git worktree add, git branch -D) based on dynamically generated workspace identifiers.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. It ingests untrusted task descriptions from the Kanban board which are then interpolated into the command-line arguments of powerful agent tools like Claude Code and Codex without explicit sanitization or boundary marking, potentially allowing subversion of agent behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 21, 2026, 03:29 AM