use-railway

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs retrieving bucket credentials and then configuring S3 variables (e.g., "get credentials" and "set S3 variables on app service"), which implies reading secret access/secret keys and embedding them into variable-set commands or outputs, creating a risk of verbatim secret exposure.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to fetch and interpret community content via Central Station (e.g., curl calls to https://station-server.railway.com/gql and https://station.railway.com/... in references/request.md), which are public, user-generated threads the agent is expected to read and may use as evidence for operational decisions, exposing it to untrusted third‑party content.