gitbackup-github-desktop

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The configuration for electron-store in electron/store/store.ts uses a hardcoded string "your-app-encryption-key" as the encryption key for local settings. This practice results in predictable encryption keys if users do not manually modify the source code, potentially exposing stored credentials like GitHub tokens.
  • [COMMAND_EXECUTION]: The GitService in electron/services/git.service.ts performs repository cloning by interpolating the user's GitHub Personal Access Token directly into the clone_url. This pattern can lead to tokens being exposed in shell history, process lists, or the local .git/config file, even if the code attempts to reset the remote URL immediately after the operation.
  • [EXTERNAL_DOWNLOADS]: The documentation points to the GitHub repository hiteshchoudhary/gitbackup for downloading pre-built application binaries for macOS, Windows, and Linux. This directs users to execute code from a third-party source outside of the skill author's direct control.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 29, 2026, 03:19 PM