heroku
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses the 'membrane' CLI to perform administrative tasks on Heroku, such as managing apps, dynos, and configuration variables.
- [EXTERNAL_DOWNLOADS]: Installs the '@membranehq/cli' package from the NPM registry. This is a vendor-owned resource associated with the author (membrane/membranedev).
- [PROMPT_INJECTION]: The skill interacts with the Heroku API, creating a surface for indirect prompt injection where malicious instructions could be embedded in app names, process lists, or config variables. * Ingestion points: Fetches data through 'membrane action list' and 'membrane request' commands. * Boundary markers: No explicit instructions are provided to the agent to ignore or delimit embedded commands in retrieved data. * Capability inventory: The skill can modify the user's infrastructure via 'membrane action run' and 'membrane request' (supporting POST, PUT, PATCH, and DELETE methods). * Sanitization: No data sanitization or validation of the retrieved Heroku content is specified.
Audit Metadata