use-railway
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the official Railway CLI tool and a local shell script (scripts/railway-api.sh) to execute infrastructure management commands.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the Railway CLI via a trusted vendor domain (cli.new) and references official documentation at docs.railway.com.
- [CREDENTIALS_UNSAFE]: The API helper script accesses the user's Railway authentication token from the standard local configuration file (~/.railway/config.json) to authorize requests to Railway's official GraphQL API.
- [PROMPT_INJECTION]: The skill includes functionality to read and search service logs and deployment status, which presents a surface for indirect prompt injection from untrusted log data; however, no malicious triggers were identified, and the risk is considered inherent to log management tools.
Audit Metadata