railway-deploy

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs shell commands by interpolating user-provided variables such as agent names, usernames, and project IDs. Evidence: Commands like gh repo create <username>/<agent-name> and railway add -s <agent-name> in SKILL.md directly insert user strings into the shell. Ingestion points: user-provided placeholders (, , ); Boundary markers: none; Capability inventory: subprocess calls to gh, railway, git, and curl; Sanitization: none. This creates a surface for command injection if the inputs are not properly sanitized by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of external command-line tools from well-known services. Evidence: The instructions include npm install -g @railway/cli and brew install gh. These are legitimate tools provided by Railway and GitHub respectively and are documented as standard prerequisites for the deployment task.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 02:15 PM