environment

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill tells the agent to read rendered variables (which can contain secrets) and to construct railway CLI JSON-patch commands that embed variable "value" fields (e.g., "secret" or "postgres://...") via here-strings/command arguments, which requires the agent to include secret values verbatim in its generated output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly supports connecting/deploying from arbitrary GitHub repos (the "repo: owner/repo" source field) and documents that Railpack will analyze source code to auto-detect build/start settings, meaning the system can fetch and interpret untrusted, user-generated repository content.