sales-granola
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill provides comprehensive documentation and guidance for the Granola platform, including setup instructions, troubleshooting, and API usage.
- [DATA_EXPOSURE]: The skill correctly uses placeholders for sensitive data (e.g.,
grn_YOUR_API_KEY) and provides instructions on how users should securely generate their own keys within the official Granola application. - [EXTERNAL_DOWNLOADS]: The skill references the official Granola API domain (
public-api.granola.ai) and documentation sites. It mentions an installation command for related tools (npx skills add sales-skills/sales) that aligns with the author's verified namespace. - [PROMPT_INJECTION]: Instructions focus on gathering context and routing user queries to appropriate sub-skills. No behavior-overriding patterns or jailbreak attempts were found.
- [INDIRECT_PROMPT_INJECTION]: The skill uses a local file (
references/learnings.md) to store accumulated knowledge. While this is an ingestion surface, it is a standard pattern for context-aware agents and does not include unsafe interpolation of unvalidated external data.
Audit Metadata