use-railway

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and read public, user-generated Railway community content (Central Station) via curl calls in references/request.md (e.g., https://station-server.railway.com/gql and https://station-server.railway.com/api/threads/), which the agent is expected to interpret and may materially influence actions, so it exposes the agent to untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains a runtime installation command "bash <(curl -fsSL cli.new)" which fetches and directly executes a remote shell script from cli.new as a way to install the Railway CLI (a primary runtime dependency), so this is a clear remote-code-execution risk.