monday-com
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a shell script `scripts/monday_api.sh` to interact directly with the Monday.com GraphQL API. The script securely manages the API token by reading it from `.env` or `.env.local` files and includes error handling for authentication and rate limits.
- [EXTERNAL_DOWNLOADS]: Instructions are provided to configure an MCP server using `npx @mondaydotcomorg/monday-api-mcp@latest`. This fetches and executes a package from the official Monday.com organization on the npm registry.
- [REMOTE_CODE_EXECUTION]: The skill supports a hosted MCP server at `https://mcp.monday.com/mcp`, which is an official service endpoint provided by Monday.com.
- [PROMPT_INJECTION]: The skill processes external data from Monday.com boards and items, creating a potential surface for indirect prompt injection.
  - Ingestion points: Board items, updates (comments), and schemas fetched via `scripts/monday_api.sh` and MCP tools like `get_board_items_page`.
  - Boundary markers: Not explicitly defined in the prompt templates to distinguish between instructions and ingested data.
  - Capability inventory: Subprocess execution (via shell script), network operations (API calls), and data modification (mutations) within the workspace.
  - Sanitization: No specific sanitization or validation of the content of Monday.com item names or comments is mentioned before processing.
Audit Metadata