railway-metrics
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill uses bash scripts to interact with the Railway CLI. It employs 'jq --arg' to safely inject variables into JSON payloads and uses heredocs with single quotes, which effectively prevents shell injection attacks.
- DATA_EXFILTRATION (SAFE): The skill only accesses service metrics and configuration via official Railway tools. No sensitive local files are accessed, and no data is sent to unauthorized third-party domains.
- PROMPT_INJECTION (SAFE): No instructions were found that attempt to override system prompts or bypass safety filters.
- EXTERNAL_DOWNLOADS (SAFE): The skill identifies 'railway-cli' as a dependency, which is the official tool provided by the platform (Railway.app) for managing services.
Audit Metadata