deployment
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests untrusted data from application and build logs into the agent's context.
- Ingestion points: Multiple commands such as `railway logs` and `railway logs --build` in `SKILL.md` fetch external log data.
- Boundary markers: There are no delimiters or 'ignore embedded instructions' markers used when presenting log data to the agent.
- Capability inventory: The skill possesses the capability to modify the environment via `railway redeploy`, `railway restart`, and `railway down` (`SKILL.md`).
- Sanitization: No sanitization of log content is specified, allowing potential instructions embedded in logs (e.g., from a web request error) to reach the LLM.
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the `railway` CLI for infrastructure management. While the `allowed-tools` definition `Bash(railway:*)` is broad, the instructions and examples provided focus correctly on deployment lifecycle management and do not include malicious command patterns.
Audit Metadata