status
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests JSON output from the
railway statuscommand and processes it without explicit boundary markers or sanitization, creating a surface where malicious project or service names could influence the agent's logic. * Ingestion points: Output fromrailway status --jsonin SKILL.md. * Boundary markers: Absent for the interpolation of CLI output into the prompt. * Capability inventory: Extensive infrastructure management viaBash(railway:*), including service and volume deletion as documented in references/environment-config.md. * Sanitization: None provided for the processed CLI output. - External Downloads (LOW): The skill instructs the user to install the
@railway/clipackage vianpmorbrew, which involves downloading and executing third-party software. - Command Execution (SAFE): The skill uses
Bashto interact with the Railway CLI and system commands (command,which) to verify environment state. While broad, these actions are consistent with the skill's management purpose.
Audit Metadata