monday-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a configuration-based extension that uses instructions rather than executable code to facilitate Monday.com operations through a third-party MCP provider.
- [EXTERNAL_DOWNLOADS]: The skill references a remote MCP server endpoint (
https://rube.app/mcp) which is the standard service delivery method for Rube/Composio tools. This reference is documented neutrally as it is essential for the skill's stated functionality. - [SAFE]: Authentication is handled via the
RUBE_MANAGE_CONNECTIONSworkflow, which uses Monday.com OAuth rather than requiring hardcoded API keys or secrets within the skill itself. - [PROMPT_INJECTION]: A theoretical indirect prompt injection surface exists because the skill reads content from Monday.com boards (external data) and possesses write capabilities (item updates, GraphQL mutations).
- Ingestion points:
MONDAY_LIST_BOARD_ITEMS,MONDAY_ITEMS_PAGE,MONDAY_LIST_SUBITEMS_BY_PARENTinSKILL.md - Boundary markers: Not explicitly defined in the prompt templates.
- Capability inventory: Includes item creation, column updates, and raw GraphQL mutations via
MONDAY_CREATE_OBJECT. - Sanitization: Not explicitly implemented in the instruction text. This is considered a low-risk inherent characteristic of automation tools rather than a malicious defect.
Audit Metadata