granola

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The sync script (scripts/sync.py) and SKILL.md explicitly fetch meeting transcripts and notes from the Granola API (https://api.granola.ai/v1 via fetch_documents/fetch_document_transcript) and save/format those user-generated meeting contents for the agent to read, which is untrusted third-party data that could contain instructions influencing agent decisions.