vibe-kanban

Fail

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The templates/docker-compose.yml file includes a mount for /var/run/docker.sock. This grants the container full administrative control over the host's Docker daemon, enabling potential host system compromise and privilege escalation.
  • [COMMAND_EXECUTION]: The scripts/mcp-setup.sh script programmatically modifies sensitive configuration files within the user's home directory, specifically ~/.claude/claude_desktop_config.json and ~/.codex/config.toml, to register the MCP server.
  • [REMOTE_CODE_EXECUTION]: The skill frequently executes npx vibe-kanban, which downloads and runs code from the npm registry at runtime. This pattern is present in the primary instructions and the scripts/start.sh and scripts/mcp-setup.sh scripts.
  • [EXTERNAL_DOWNLOADS]: The skill depends on external resources including the vibekanban/vibe-kanban:latest Docker image and npm packages, which are downloaded from public registries during setup and execution.
  • [PROMPT_INJECTION]: There is a significant surface for indirect prompt injection. The skill ingests data from external trackers and user-provided card descriptions without explicit sanitization or the use of boundary markers to prevent the agent from following instructions embedded in that data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 17, 2026, 07:06 AM
Security Audit — agent-trust-hub — vibe-kanban