railway-deploy

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and commands that embed tokens and credentials inline (e.g., RAILWAY_TOKEN=xxx, railway variable set DATABASE_URL=postgres://user:pass@host..., and a shown DATABASE_URL with "abc123"), which instructs the agent to include secret values verbatim in commands and outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow (Task F: "Logs & Debugging" and Example 3) instructs the agent to fetch and read runtime/build logs via railway logs (and to probe a health URL with HTTP requests), which are untrusted, user-generated outputs from third-party deployments and are then used to decide actions like redeploys, variable changes, or rollbacks.