monday-automation

SUSPICIOUS: The skill is purpose-aligned and uses a verifiable official Composio/Rube MCP endpoint, so it does not look malicious. Risk comes from routing Monday OAuth-backed operations and workspace data through a third-party MCP intermediary, plus broad write capabilities and raw GraphQL passthrough that could affect many Monday resources.