railway-cli
Pass
Audited by Gen Agent Trust Hub on Feb 12, 2026
Risk Level: LOW EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
Total Findings: 3
🟡 LOW Findings:
• Unverifiable Dependencies (Downgraded due to Trusted Source)
- SKILL.md line 19, 22, 25: The skill instructs users to install the Railway CLI via `brew install railway`, `npm i -g @railway/cli`, or `bash <(curl -fsSL cli.new)`. While these are external downloads and installations, they are sourced from well-known, trusted package managers (Homebrew, npm) and the official Railway GitHub organization (railwayapp), significantly mitigating the risk. This finding is downgraded to LOW.
• Persistence Mechanism
- reference.md line 180: The instruction `railway completion bash >> ~/.bashrc` modifies a user's shell configuration file (.bashrc). This is a legitimate and common practice for CLI tools to enable command auto-completion, but it constitutes a persistence mechanism by altering a startup file.
🔵 INFO Findings:
• Command Execution
- SKILL.md line 109, 125, 129: The skill documents powerful commands like `railway run <cmd>`, `railway ssh`, and `railway connect`. `railway run` executes arbitrary commands with Railway environment variables injected, `railway ssh` allows shell access into service containers, and `railway connect` provides direct access to database shells. These are legitimate and intended functionalities of the Railway CLI, but they are noted as INFO to highlight their powerful nature and the potential for misuse if untrusted commands or inputs are provided by the user.
ℹ️ TRUSTED SOURCE References:
• https://railway.com
- SKILL.md line 10
• https://docs.railway.com/cli.md
- SKILL.md line 12, reference.md line 3, 225
• cli.new (redirects to raw.githubusercontent.com/railwayapp/cli/master/install.sh)
- SKILL.md line 25
• https://github.com/railwayapp/cli
- SKILL.md line 199, reference.md line 226
• https://railway.com/dashboard
- reference.md line 227
Audit Metadata