monday
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official
@membranehq/clitool from the npm registry. This package is the primary interface for the Membrane platform and is expected for this skill's functionality. - [INDIRECT_PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection as it retrieves data from Monday.com boards and items. \n
- Ingestion points: Data enters the agent context via actions like
list-items,list-updates, andget-board. \n - Boundary markers: The instructions do not specify the use of delimiters or markers for the data retrieved from external sources. \n
- Capability inventory: The skill possesses the capability to perform write and delete operations (e.g.,
create-item,update-item-column-values,delete-board) and execute arbitrary API requests through themembrane requestproxy. \n - Sanitization: No explicit sanitization or filtering of external data is defined in the workflow instructions.
- [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to execute project management tasks. The commands are structured and restricted to the capabilities provided by the authenticated connector.
Audit Metadata