granola-webhooks-events
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily educational documentation for setting up webhook integrations. It does not contain any executable malicious code, hardcoded credentials, or exfiltration logic.
- [PROMPT_INJECTION]: The skill documents an interface for ingesting external meeting note data. While this creates a potential surface for indirect prompt injection if the meeting content contains instructions, the documentation itself is benign and does not contain malicious prompts. Ingestion points: Webhook JSON payloads described in SKILL.md. Boundary markers: None present in the documentation examples. Capability inventory: Bash(curl:*), Write, Edit tools are enabled. Sanitization: No content sanitization or validation logic is included in the provided code examples.
Audit Metadata