railway-projects
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- Command Execution (SAFE): The skill uses the railway CLI and a local helper script to perform project operations such as listing, linking, and updating configuration. These actions are well-defined and align with the skill's stated goals.
- Prompt Injection (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted metadata (project names and descriptions) from the Railway API.
  - Ingestion points: Data returned by railway list --json and railway status --json is ingested and summarized by the agent.
  - Boundary markers: Absent; there are no specific delimiters or instructions used to isolate the JSON data from the agent's core instructions.
  - Capability inventory: The skill allows for significant project modifications, including changing visibility (public/private) and enabling PR deployments, which could be exploited if an injection is successful.
  - Sanitization: Absent; the skill relies on the LLM to process and simplify raw JSON output without pre-validation or escaping.
Audit Metadata