amp-api-awareness

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The skill explicitly targets ~/.local/share/amp/secrets.json, which it identifies as containing API keys (apiKey@https://ampcode.com/). This provides a direct path for an agent to expose or compromise user credentials.
  • [DATA_EXFILTRATION] (HIGH): The skill provides instructions and SQL queries to read and extract data from sensitive local paths including ~/.claude/history.jsonl, ~/.claude/projects/*/*.jsonl, and ~/.local/share/amp/threads/*.json. These files contain private user interactions and project data.
  • [COMMAND_EXECUTION] (MEDIUM): The skill provides various bash and DuckDB commands (e.g., cat, jq, read_json) to manipulate and 'mine' the identified sensitive files. While these are standard utilities, their application to private data stores constitutes a security risk.
  • [DATA_EXFILTRATION] (MEDIUM): The 'Workspace Member Discovery' section describes how to use extraction techniques to find all creatorUserID values, allowing for unauthorized reconnaissance of workspace members and their activity levels.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill creates a significant attack surface by ingesting untrusted external data (thread JSON files) and processing them with powerful tools (DuckDB/Bash) without any boundary markers or sanitization, potentially allowing embedded instructions in those threads to influence agent behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:48 PM