amp-skill
Audited by Socket on Feb 16, 2026
1 alert found:
Obfuscated File

The Amp-Skill documentation describes a legitimate analytics capability that processes local Amp file-change diffs and indexes interruption/revert patterns in DuckDB. There is no direct evidence of deliberate malicious code (no exfiltration, obfuscation, or network C2) in the supplied fragment. Primary security risks are operational: broad local file read access including sensitive file types, lack of documented integrity checks and access controls, and an invocation pattern (bb scripts/amp_thread_loader.bb) that could execute arbitrary commands if run unreviewed. Special attention should be given to any surfaced sensitive artifacts (e.g., capability-signer-prototype.sh) before re-applying or executing them. Recommended mitigations: review and audit the loader implementation before execution, add read-only/dry-run import modes, enforce confirmation prompts or sandboxing before editing/executing recovered files, and add provenance/integrity checks and ACLs for dataset scope.