granola-ci-integration

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes examples that embed Authorization headers and webhook IDs (e.g., "Authorization: Bearer {{github_token}}" and curl webhook endpoints), which instruct an agent to place secret tokens directly into requests/commands if concrete values are filled in, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests user-generated Granola meeting notes via the Zapier webhook (see "Zapier Webhook Setup" and "Step 2: Parse Meeting Content") and the parsed action_items are fed into GitHub Actions and other automations, so external meeting content can directly influence automated tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The GitHub Actions workflow in the skill fetches and executes external action code at runtime (e.g., actions/checkout@v4 and actions/github-script@v7), which are remote repositories pulled and run as part of the workflow.