granola-webhooks-events

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts Granola webhook events (via Zapier or the /webhook/granola endpoints) containing user-generated meeting notes (note.created/note.updated payloads) which the code (process_new_note/handleNewNote) parses and uses to create GitHub issues, post to Slack, and drive other actions, so untrusted third-party content can directly influence agent behavior.