database
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill's API helper script reads the user's Railway authentication token from the local filesystem. Evidence:
TOKEN=$(jq -r '.user.token' "$CONFIG_FILE")inscripts/railway-api.sh. - [COMMAND_EXECUTION] (MEDIUM): The skill executes complex bash scripts via heredocs to interact with the Railway CLI and API. Evidence: Multiple instances of
bash <<'SCRIPT'inSKILL.md. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection as it ingests project data without sanitization or boundary markers. Evidence Chain: 1. Ingestion point:
railway status --jsoninSKILL.md; 2. Boundary markers: Absent; 3. Capability inventory: Subprocess calls to bash and curl; 4. Sanitization: Absent.
Audit Metadata