Critical-risk tools in Immich
6 of the 43 tools in Immich are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
immich_activities_deleteDestructiveDelete a comment or like by activity ID.
-
immich_albums_deleteDestructiveDelete an album. This does not delete the assets inside it.
-
immich_assets_deleteDestructiveDelete one or more assets. Set force=true to permanently delete (skip trash). Always use dry_run=true first to preview.
-
immich_duplicates_deleteDestructiveimmich_duplicates_delete
-
immich_shared_links_removeDestructiveRemove a shared link, revoking access to its content.
-
immich_tags_deleteDestructiveDelete a tag by ID.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.