viewing-immich-photo
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands via SSH (
ssh minipc "cat <path>") to retrieve files from a remote host. Direct interpolation of variables into shell strings is a known attack vector for command injection if the underlying execution environment does not properly escape shell metacharacters. - [EXTERNAL_DOWNLOADS]: The skill references configuration files from the official Immich GitHub repository (
immich-app/immich) to verify path mapping rules and volume configurations. This is a reference to well-known project documentation. - [DATA_EXFILTRATION]: The skill provides the agent with access to sensitive file system locations (
/mnt/data/immich/photos/,/var/lib/docker-data/immich/upload-cache/) that contain personal media and application cache data. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. It processes file paths and potentially metadata from an external source (the Immich storage system) which could contain malicious instructions designed to influence agent behavior. While it includes boundary markers like path traversal checks (
..), it lacks explicit sanitization for metadata processing.
Audit Metadata