ah-finalize-code
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands for environment initialization and validation, including git operations such as 'git branch', 'git status', 'git fetch', and 'git merge-base' in the 'SKILL.md' file.
- [COMMAND_EXECUTION]: It instructs subagents to run local project commands including 'pnpm preflight', 'pnpm test:coverage', and 'pnpm docs:generate' to verify code quality and generate documentation.
- [DATA_EXFILTRATION]: The skill interacts with remote git repositories through 'git fetch' and automated pull request creation via the '/ah-create-pr' subagent, which is consistent with its primary purpose as a PR finalization tool.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) where metadata extracted from local files is interpolated into instructions for subagents.
- Ingestion points: Metadata fields such as 'Base Branch' and 'Issue Number' are read from 'specs/${BRANCH_NAME}/spec.md' and used to configure subagents.
- Boundary markers: The instructions do not define explicit boundary markers or delimiters when interpolating metadata into subagent prompts.
- Capability inventory: The skill can execute shell commands (git, pnpm), modify files in the user's home directory ('~/.agents/arinhub/'), and invoke tools for code modification and PR creation.
- Sanitization: Basic shell translation is applied to the branch name variable for path safety, though internal metadata fields are interpolated without further validation.
Audit Metadata