observability-railway-deploy
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSNO_CODEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill references and intends to execute two shell scripts: scripts/deploy-to-railway.sh and scripts/get-railway-urls.sh. These scripts are not included in the provided file list, which constitutes a security blind spot as the actual logic being executed remains hidden.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The workflow relies on Template 8TLSQD from Railway. Relying on remote, unversioned templates can lead to supply chain attacks if the template is modified or hijacked by an attacker.
- [PROMPT_INJECTION] (MEDIUM): The skill possesses an Indirect Prompt Injection surface by ingesting external CLI outputs to generate configuration for Claude Code. If the template or Railway environment is compromised, the generated configuration could be used to influence downstream agent behavior.
- [NO_CODE] (INFO): The functional logic is entirely abstracted into external scripts not present in the skill package, preventing a full static analysis of the execution flow.
Audit Metadata