deploy-railway
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill uses
npm install -g @railway/clito install the Railway CLI. While Railway is a reputable PaaS provider, it is not included in the predefined list of trusted organizations, making this an unverifiable external dependency. - COMMAND_EXECUTION (LOW): The skill heavily relies on the
Bashtool to execute Railway CLI commands (railway up,railway run, etc.). These operations are necessary for the skill's primary purpose of deployment but represent a significant capability surface. - CREDENTIALS_UNSAFE (LOW): The skill instructions include patterns for reading sensitive data from
.env.productionand retrieving connection strings viarailway variables get DATABASE_URL. While no hardcoded secrets are present, the skill is designed to handle and manipulate credentials, which requires careful agent handling to prevent accidental exposure. - INDIRECT_PROMPT_INJECTION (LOW): The skill possesses a vulnerability surface for indirect injection.
- Ingestion points: Reads environment files (
.env.production) and local repository content during deployment. - Boundary markers: None specified in the instructions.
- Capability inventory: Full
Bashaccess, network operations via CLI (railway up), and command execution within environments (railway run). - Sanitization: No evidence of sanitization or validation of the data being processed.
Audit Metadata