service

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The helper script scripts/railway-api.sh reads sensitive credentials (user.token) from the Railway configuration file located at ~/.railway/config.json.
  • DATA_EXFILTRATION (HIGH): The authentication token is sent to the external domain backboard.railway.com via curl. Although this is the official Railway API, the pattern of reading and transmitting secrets is classified as high severity.
  • COMMAND_EXECUTION (LOW): The skill frequently executes bash scripts and the railway CLI to perform its functions.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). Evidence:
      1. Ingestion points: railway status --json output.
      2. Boundary markers: No delimiters or warnings used for external data.
      3. Capability inventory: API interaction via scripts/railway-api.sh allowing service creation and modification.
      4. Sanitization: None present for the content of ingested data fields.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 04:35 PM