Trust Assessment
deploy received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection in `railway up` arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential Command Injection in `railway up` arguments The skill is declared with `Bash(railway:*)` permissions, allowing it to execute arbitrary `railway` commands. The documentation shows `railway up` being used with several arguments that are intended to be user-provided, such as the commit message (`-m`), service name (`--service`), environment name (`--environment`), project ID (`--project`), and deployment path (`[PATH]`). If the skill's underlying implementation directly interpolates these untrusted user-provided strings into the `bash` command without proper sanitization or quoting, an attacker could inject arbitrary shell commands. For example, a malicious commit message like `"; rm -rf /; #"` could lead to arbitrary code execution. Ensure all user-provided arguments passed to `railway up` (especially `-m`, `--service`, `--environment`, `--project`, and `[PATH]`) are properly escaped or quoted to prevent shell injection. For example, use `shlex.quote()` in Python or similar functions in other languages when constructing the command string. | LLM | SKILL.md:16 |
Scan History
Embed Code
[](https://skillshield.io/report/f100be16bb6c05b1)
Powered by SkillShield