This plugin contains markdown files only (skills, rules, documentation). There is no executable code, no MCP server, and no runtime dependencies beyond pytest for development.

The primary security concern is accidental exposure of Monday.com API tokens in source files, which the monday-api-token-safety rule actively flags.

If you discover a security issue, please report it via GitHub Security Advisory.

Do not open a public issue for security vulnerabilities.

• Acknowledgment: Within 48 hours
• Triage: Within 7 days
• Fix: Depends on severity; critical issues prioritized

• Never commit real API tokens to version control
• Use .env files with .gitignore protection
• Review the monday-api-token-safety rule's guidance
• Rotate tokens if you suspect exposure
• Use scoped tokens with minimum required permissions