railway
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill's operations align with its documented purpose of infrastructure management.
- [CREDENTIALS_UNSAFE]: The skill facilitates the management of sensitive environment variables.
  - Evidence: The `list-variables` and `set-variables` tools (references/api_reference.md) are designed to interact with service secrets such as `DATABASE_URL` and `*_API_KEY`.
- [COMMAND_EXECUTION]: The skill orchestrates application deployment and project lifecycle.
  - Evidence: Includes tools for triggering deployments (`deploy`), creating projects (`create-project-and-link`), and modifying environment configurations (`set-variables`, `create-environment`) in references/api_reference.md.
- [EXTERNAL_DOWNLOADS]: The skill references official external resources for setup.
  - Evidence: Provides links to https://docs.railway.com for CLI installation and documentation in SKILL.md.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through log ingestion.
  - Ingestion points: `get-logs` (references/api_reference.md) retrieves build and deployment logs which may contain untrusted data.
  - Boundary markers: Absent; the skill does not define delimiters or provide instructions to ignore embedded content within logs.
  - Capability inventory: The skill has tools to modify environment variables (`set-variables`) and trigger code deployments (`deploy`) in references/api_reference.md.
  - Sanitization: Absent; no content validation or escaping is performed on log data before it is presented to the agent.
Audit Metadata