railway-domain
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill depends on 'railway-cli'. Since the author 'Railway' is not in the specific list of trusted organizations, this dependency is classified as unverifiable.
- COMMAND_EXECUTION (SAFE): The skill executes 'railway' commands via a Bash tool. These operations are core to the skill's intended functionality for infrastructure management.
- DATA_EXFILTRATION (SAFE): Sensitive data access is mitigated by setting 'decryptVariables: false' in GraphQL queries, preventing the exposure of encrypted environment variables.
- PROMPT_INJECTION (LOW): The skill has an indirect prompt injection surface.
- Ingestion points: Data returned from 'railway domain --json' and user-provided domain names.
- Boundary markers: None (delimiters are not used to separate untrusted data from instructions).
- Capability inventory: Ability to run bash commands ('railway:*').
- Sanitization: No input validation or output sanitization is performed on the data handled by the skill.
Audit Metadata