This plugin contains markdown files only (skills, rules, documentation). There is no executable code, no MCP server, and no runtime dependencies beyond pytest for development.
The primary security concern is accidental exposure of Monday.com API tokens in source files, which the `monday-api-token-safety` rule actively flags.

| Version | Supported |
|---|---|
| 0.1.x | Yes |

If you discover a security issue, please report it via GitHub Security Advisory.
Do not open a public issue for security vulnerabilities.
- Acknowledgment: Within 48 hours
- Triage: Within 7 days
- Fix: Depends on severity; critical issues prioritized
- Never commit real API tokens to version control
- Use `.env` files with `.gitignore` protection
- Review the `monday-api-token-safety` rule's guidance
- Rotate tokens if you suspect exposure
- Use scoped tokens with minimum required permissions