The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill retrieves content from public community threads on Railway's Central Station. User-generated content in these threads could contain adversarial instructions designed to influence the agent's behavior. Evidence: The skill reads from ingestion points such as https://station-server.railway.com/api/threads/:slug and lacks explicit boundary markers or sanitization logic to separate this untrusted data from internal instructions. The capability inventory includes Bash tools (curl, jq) which the agent could be directed to use maliciously if the ingested content is successful in an injection attack.
[External Downloads] (LOW): The skill uses curl to interact with station-server.railway.com and station.railway.com to fetch thread data and configuration details. These domains, along with railpack.com referenced in documentation, are not included in the predefined trusted external source list.
[Command Execution] (LOW): The skill is configured to execute curl and jq commands via Bash. While these are necessary for its primary purpose of searching and parsing Railway API data, they represent a capability surface that should be monitored for unexpected command construction.

central-station