moai-baas-railway-ext
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes external content from the Context7 library to automate architecture design.
- Ingestion points: Uses mcp__context7__get-library-docs to fetch documentation within the RailwayArchitectOptimizer logic in SKILL.md.
- Boundary markers: No specific delimiters or safety instructions are used to separate external documentation from the skill's core logic.
- Capability inventory: The skill utilizes powerful tools including Bash, Write, Edit, and WebFetch.
- Sanitization: There is no evidence of content sanitization or validation for the data returned by the external tools.
- [EXTERNAL_DOWNLOADS]: The CI/CD workflow documentation includes the installation of the @railway/cli tool from the npm registry, which is a standard package from a well-known service.
Audit Metadata