railway-service

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill accepts and configures arbitrary public third‑party sources—explicitly allowing GitHub repos (source.repo), public Docker images, and image/icon URLs (e.g., example URLs and devicons.railway.app)—which are untrusted user‑provided content the agent/platform will ingest or display as part of its workflow.