vibe-kanban
Fail
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The
templates/docker-compose.ymlfile includes a mount for/var/run/docker.sock. This grants the container full administrative control over the host's Docker daemon, enabling potential host system compromise and privilege escalation. - [COMMAND_EXECUTION]: The
scripts/mcp-setup.shscript programmatically modifies sensitive configuration files within the user's home directory, specifically~/.claude/claude_desktop_config.jsonand~/.codex/config.toml, to register the MCP server. - [REMOTE_CODE_EXECUTION]: The skill frequently executes
npx vibe-kanban, which downloads and runs code from the npm registry at runtime. This pattern is present in the primary instructions and thescripts/start.shandscripts/mcp-setup.shscripts. - [EXTERNAL_DOWNLOADS]: The skill depends on external resources including the
vibekanban/vibe-kanban:latestDocker image and npm packages, which are downloaded from public registries during setup and execution. - [PROMPT_INJECTION]: There is a significant surface for indirect prompt injection. The skill ingests data from external trackers and user-provided card descriptions without explicit sanitization or the use of boundary markers to prevent the agent from following instructions embedded in that data.
Recommendations
- AI detected serious security threats
Audit Metadata