pp-granola
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a CLI tool via 'npx -y @mvanhorn/printing-press', which downloads and executes external code from the npm registry.
- [COMMAND_EXECUTION]: The skill relies on executing the 'granola-pp-cli' binary through the shell to perform its core functions.
- [DATA_EXFILTRATION]: The CLI includes a built-in feature '--deliver webhook:' that allows the transmission of meeting content, summaries, and transcripts to any external URL provided as an argument.
- [CREDENTIALS_UNSAFE]: The CLI accesses the macOS Keychain to retrieve encrypted Granola authentication tokens and supports the use of the 'GRANOLA_WORKOS_TOKEN' and 'GRANOLA_API_KEY' environment variables for authentication.
Audit Metadata