pp-google-photos
Pass
Audited by Gen Agent Trust Hub on May 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the
google-photos-pp-clibinary usingnpxfrom the@mvanhornnpm scope andgo installfrom themvanhornGitHub repository. These sources are owned by the skill's author. - [DATA_EXFILTRATION]: The CLI includes a
--deliverflag that supports awebhook:<url>sink, which POSTs command results to a specified URL. While this is a documented feature for integration, it constitutes a network egress path for user data retrieved from the Google Photos API. - [CREDENTIALS_UNSAFE]: The tool manages OAuth authentication for Google Photos. It stores tokens locally and provides dedicated commands for managing these accounts, such as
auth list,auth use, andauth remove. - [COMMAND_EXECUTION]: The skill utilizes shell commands through the
Read Bashtool to perform operations. This includes diagnostic tasks and a feedback mechanism that can optionally transmit data to a remote endpoint if theGOOGLE_PHOTOS_FEEDBACK_ENDPOINTenvironment variable is configured.
Audit Metadata