railway-docs

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: LOW | EXTERNAL_DOWNLOADS | NO_CODE | PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is designed to fetch and process external content from docs.railway.com and railway.com to assist with infrastructure configuration. While these are official domains, this pattern introduces an indirect prompt injection surface where external content could theoretically influence the agent's output and recommendations for high-privilege operations.
      - Ingestion points: Multiple URLs listed in SKILL.md (e.g., llms-docs.md, llms.txt).
      - Boundary markers: Absent. There are no instructions for the agent to delimit or ignore instructions contained within the fetched content.
      - Capability inventory: The documentation provides templates for modifying services, environment variables, and build settings via the Railway CLI (environment-config.md).
      - Sanitization: Absent. There is no mention of validating or filtering the fetched documentation.
  • [No Code] (SAFE): The skill consists entirely of Markdown files and does not include any automated scripts, binary files, or package dependencies.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 17, 2026, 04:41 AM