blink-granola
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process untrusted data from meeting notes and transcripts.
- Ingestion points: Data enters the agent context through the
query_granola_meetings,get_meetings, andget_meeting_transcripttools defined inSKILL.md. - Boundary markers: The instructions do not define explicit delimiters or instructions to the agent to ignore any command-like text found within the meeting content.
- Capability inventory: The skill primarily performs read operations on meeting data via the
composio_granolaconnector. It does not appear to have file-write or arbitrary code execution capabilities. - Sanitization: There is no evidence of sanitization or filtering of the meeting content before it is processed by the agent.
Audit Metadata