backup-strategy

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): Multiple scripts perform high-privilege operations on sensitive system paths.
      • scripts/backup-full.sh archives /root, /etc, and /home, which contain sensitive configurations and user data.
      • The scripts use rm to delete files identified by find without explicit user confirmation within the logic.
  • [DATA_EXFILTRATION] (MEDIUM): scripts/backup-to-s3.sh facilitates the transfer of local data to an external S3 bucket.
      • While intended for backup, this capability could be used to exfiltrate the sensitive system archives created by the other scripts in the skill.
  • [EXTERNAL_DOWNLOADS] (LOW): references/backup-locations.md includes instructions to install external software and dependencies from public registries.
      • Evidence: Commands such as sudo apt install awscli and sudo pip3 install b2 are suggested to the agent/user.
  • [CREDENTIALS_UNSAFE] (LOW): scripts/backup-mysql.sh handles database credentials in an insecure manner.
      • Evidence: The script passes the database password directly to mysqldump using the -p"$DB_PASS" flag, which makes the secret visible to other users on the system via process monitoring tools like ps.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:25 PM