railway-deploy

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUM | CREDENTIALS_UNSAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill uses the command railway variable list --kv to collect evidence, which retrieves and displays all environment variables in plain text. These variables routinely contain highly sensitive information such as database credentials (DATABASE_URL), API keys, and third-party authentication tokens.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute administrative Railway CLI commands that modify the deployment environment, including railway variable set for altering configuration and railway up for deploying code. It also references railway ssh, which provides remote shell access to the running environment.
  • [PROMPT_INJECTION]: The workflow relies on reading output from railway logs, which is an external ingestion point for untrusted data. There are no boundary markers or sanitization steps mentioned. Because the skill also possesses high-privilege capabilities like railway up and railway variable set, it is vulnerable to indirect prompt injection where malicious content in the logs could manipulate the agent's behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 20, 2026, 04:37 PM