monday
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it ingests untrusted data from the Monday.com API, and that data could contain malicious instructions. Ingestion points: JSON responses from api.monday.com (e.g., board, item, and group names). Boundary markers: Absent. Capability inventory: Subprocess execution of curl and jq. Sanitization: Absent.
- [SAFE]: Sensitive credentials like MONDAY_API_TOKEN are managed via environment variables rather than being hardcoded in scripts.
- [SAFE]: All network operations target the official, well-known Monday.com API domain.