railway-new

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports deploying from arbitrary GitHub repositories (e.g., "deploy from github.com/user/repo" and the EnvironmentConfig source.repo/branch fields) and instructs analyzing repository contents, which means the agent will fetch and interpret untrusted, user-provided third‑party code/content from the public web.