railway
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to install the '@railway/cli' package globally using npm if not present. This downloads and executes code from the npm registry.
- [COMMAND_EXECUTION] (MEDIUM): Extensive use of shell commands through the Railway CLI and curl to manage infrastructure and check health. Includes a 'connect' command for database access.
- [CREDENTIALS_UNSAFE] (LOW): Specifically accesses and manages environment variables ('railway variables'). Although redaction is requested, the agent has raw access to these secrets.
- [PROMPT_INJECTION] (LOW): Vulnerable to indirect prompt injection via application logs ('railway logs') or commit messages ('railway deployment list'). Evidence:
  1. Ingestion: Logs and deployment metadata.
  2. Boundaries: None specified for log output.
  3. Capabilities: Bash, WebFetch.
  4. Sanitization: Redaction policy for env vars only; no sanitization for log content.