Skills
skills/composiohq/awesome-claude-skills/googlephotos-automation/Gen Agent Trust Hub

googlephotos-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): The tools GOOGLEPHOTOS_UPLOAD_MEDIA and GOOGLEPHOTOS_BATCH_CREATE_MEDIA_ITEMS accept a file_to_upload parameter. This capability allows the agent to read arbitrary files from the local filesystem. A malicious prompt or indirect injection could compel the agent to upload sensitive files (e.g., ~/.ssh/id_rsa, .env files) to the photo library or an external destination.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires connection to an external, untrusted MCP server at https://rube.app/mcp. Furthermore, the url parameter in the upload tools allows the agent to fetch content from any remote URL, which can be used to bypass local security controls or pull malicious payloads.
  • [PROMPT_INJECTION] (HIGH): The skill exhibits a high-risk surface for Indirect Prompt Injection (Category 8).
  • Ingestion points: Remote content fetched via the url parameter and metadata (descriptions/titles) provided by the user or external tools.
  • Boundary markers: Absent. There are no instructions to the agent to treat fetched data or file paths as untrusted data.
  • Capability inventory: Significant capabilities including file system read access, network transmission (upload), and account modification (creating/updating albums).
  • Sanitization: None. The skill does not implement any validation or filtering of the content being processed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:10 PM