immich
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill reads local files and sends them to a user-defined endpoint (base_url). This behavior is the stated core functionality for uploading media to an Immich server.
- [CREDENTIALS_UNSAFE]: The skill manages Immich API keys via a configuration file (agent_config.toml). This is a secure practice for managing secrets in a local environment.
- [EXTERNAL_DOWNLOADS]: The skill uses the yt-dlp library to download media from remote URLs provided by the user. This is an intended feature for remote asset ingestion and uses a well-known library.
- [COMMAND_EXECUTION]: The skill allows execution of the immich CLI tool via uv run and performs local file deletions via path.unlink() when the batch-upload command is used. These operations are consistent with its purpose as a media management tool.
Audit Metadata