blink-granola

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process untrusted data from meeting notes and transcripts.
  • Ingestion points: Data enters the agent context through the query_granola_meetings, get_meetings, and get_meeting_transcript tools defined in SKILL.md.
  • Boundary markers: The instructions do not define explicit delimiters or instructions to the agent to ignore any command-like text found within the meeting content.
  • Capability inventory: The skill primarily performs read operations on meeting data via the composio_granola connector. It does not appear to have file-write or arbitrary code execution capabilities.
  • Sanitization: There is no evidence of sanitization or filtering of the meeting content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 05:42 AM
Security Audit — agent-trust-hub — blink-granola