deployment

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill utilizes the railway CLI through a Bash tool to perform legitimate management tasks such as listing deployments, viewing logs, and restarting services. These operations are consistent with the skill's stated purpose.
  • [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) due to the combination of untrusted data ingestion and high-privilege write capabilities.
      • Ingestion points: The skill explicitly instructs the agent to read application and build logs using railway logs (found in SKILL.md). Logs are external data that can be influenced by an attacker if they can trigger log entries in the managed application.
      • Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent ignores instructions potentially embedded within the log output.
      • Capability inventory: The skill allows the agent to execute impactful commands including railway redeploy, railway down, and railway environment edit (which can modify secrets or delete services via isDeleted: true).
      • Sanitization: No sanitization or validation of log content is performed before the agent processes it, allowing malicious instructions in logs to potentially influence the agent's next actions.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 04:40 AM