Photos

Before installing, consider the following: - Backup: Back up a sample of your photo library before running any bulk operations. - Local vs remote analysis: Ask the skill author (or confirm in your agent configuration) whether 'vision analysis' and reverse geocoding run entirely locally. If the agent will send images or GPS coordinates to external APIs, you may expose sensitive location/person data. - Face recognition: The SKILL.md calls for automatically tagging faces once a user identifies someone. This is biometric processing with privacy and legal implications; disable or require explicit consent per-person if you are uncomfortable. - API keys: The skill lists no required credentials, but reverse geocoding and cloud vision usually need API keys. Decide which geocoding/vision providers to use and provide your own credentials if you want control over where data goes. - Tools: Ensure exiftool is installed. If you need HEIC conversion, install sips (macOS) or heif-convert (Linux) as needed; the skill mentions these but does not require them explicitly. - Data handling: The skill's safety rules (never overwrite originals, move deletes to .photo-trash, keep sidecars) are good. Confirm the exact path the skill will use for .photo-index/.photo-trash and whether it will index network mounts. - Least privilege: If possible, run the skill on a test folder first and restrict it to only the directory you want indexed rather than your whole photos root. If you need help deciding, ask the skill author how they perform vision/geocode operations (local model vs which cloud provider) and whether they will ever transmit raw image data or GPS coordinates to third parties. If they cannot provide a clear answer, treat the skill as privacy-sensitive and avoid granting it broad access to your entire photo library.