amp-close

[Skill Scanner] Skill instructions include directives to hide actions from user The amp-close fragment outlines a coherent, multi-tool session-closure workflow that preserves context for cross-harness continuity. It is not inherently malicious, and its data flows are contained to local artifacts plus standard tooling. Treat as BENIGN but impose stronger data governance (access controls, retention, and integrity checks) to mitigate risks from the ritualized, multi-tool orchestration. LLM verification: Verdict: Benign with CAUTION. The amp-close fragment aligns with its stated purpose of closing Amp sessions, persisting memory, and preparing cross-session handoffs via garde indexing. It relies on local tooling and explicit artifacts, with no apparent credential exfiltration or network-based payloads. However, due to pervasive filesystem writes and multi-tool orchestration, it should be reviewed for user consent prompts, explicit logging, and clear visibility of disk writes to prevent silent ch