granola
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses the local Granola application cache file at
~/Library/Application Support/Granola/cache-v3.json. This access is required for the primary function of querying meeting data and is performed entirely locally without any network exfiltration. - [COMMAND_EXECUTION]: The provided Python script (
granola.py) manages the synchronization process. It uses Python's standard libraries and incorporates character filtering to prevent path traversal when generating filenames for meeting notes. - [SAFE]: No obfuscation, remote code downloads, or hidden instructions were found in the skill's code or metadata.
Audit Metadata