railway-project-management

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and CLI usage that embed secret values inline (e.g., railway variables set API_KEY=secret123, --sealed STRIPE_KEY=sk_live_...), which would require the agent to include secrets verbatim in generated commands or outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly pulls and auto-deploys code from public, user-generated sources (e.g., "railway add --repo owner/repo" and auto-created PR environments), so the agent will fetch and act on untrusted third‑party repository/PR content.