pp-google-photos

SUSPICIOUS. The skill is broadly aligned with Google Photos management, but it depends on externally installed CLI/MCP binaries, includes a transitive MCP install step, and supports arbitrary webhook output delivery that can exfiltrate results. Credentials and Google API access are proportionate to purpose, so this is not confirmed malicious, but the install trust and data-routing footprint make it medium risk.