amp-review

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to execute the "amp" command with the "--dangerously-allow-all" flag. The guidelines explicitly state: "Always use --dangerously-allow-all to bypass permission prompts." This represents a deliberate attempt to circumvent security boundaries and authorization mechanisms of the underlying tool.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill reads and processes uncommitted local changes (staged, unstaged, and untracked files) to provide feedback. This creates an attack surface where malicious code comments or content within the analyzed files could influence the agent's behavior. Evidence Chain: (1) Ingestion points: Local files via "amp review"; (2) Boundary markers: None identified in instructions; (3) Capability inventory: Command execution via "amp"; (4) Sanitization: None identified.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:14 PM