use-railway
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and execute the Railway CLI installation script from 'railway.com'. As this is an official domain for a well-known service, it is considered safe.
- [COMMAND_EXECUTION]: The skill includes several Python and Bash scripts that execute local shell commands. These scripts invoke the 'railway' CLI and various database clients (psql, mysql, mongosh, redis-cli) to gather metrics and perform administrative tasks. These operations are core to the skill's functionality.
- [CREDENTIALS_UNSAFE]: The 'railway-api.sh' script and 'dal.py' helper read the user's Railway authentication token from the local file '~/.railway/config.json'. This token is used exclusively to authenticate requests to the official Railway GraphQL API.
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze potentially untrusted data such as database logs and status outputs. While this represents a surface for indirect prompt injection, the risk is mitigated by specific instructions directing the agent to analyze the data rather than execute instructions found within it. Additionally, sensitive operations like installing database extensions require explicit user confirmation via an interactive terminal.
Audit Metadata