granola
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive local files, specifically authentication tokens in
~/Library/Application Support/Granola/supabase.jsonand meeting metadata incache-v4.json. This access is required for the skill's primary function of retrieving and exporting meeting content.- [DATA_EXFILTRATION]: Authentication tokens and meeting identifiers are transmitted to the official Granola API atapi.granola.ai. This behavior is transparently documented and consistent with the vendor's service requirements.- [COMMAND_EXECUTION]: The skill utilizes Python scripts to query local data and manage exports. It also includes a shell script (sync.sh) used for automating the export process.- [PERSISTENCE]: The documentation includes instructions for creating a macOS LaunchAgent (com.user.granola-sync.plist) to run the synchronization script every 15 minutes. This is a standard and well-documented method for background automation on macOS.
Audit Metadata