Research, plan, and execute large code changes with parallel PR-producing agents.
This skill is an open-source prompt-only orchestration skill with no declared secrets or fixed remote endpoints, so the overall risk is low. The main security consideration is that it can drive agents to read and modify a local Git repository at scale and orchestrate branches/PRs, which is a capability-boundary concern rather than a clear red flag.
The material explicitly states that no keys or environment variables are required, and the README does not ask the user to provide extra tokens. Credential risk mainly depends on whether the host platform already has Git/PR-related auth configured, but the material itself does not show credential collection, exfiltration, or misuse.
No remote endpoints are declared, and the system checks list no network host; as a prompt-only skill, the material does not define a clear path for sending user data to third-party services. The README mentions creating PRs, but that appears to rely on existing host environment integrations rather than a skill-defined exfiltration target.
The README explicitly instructs running `git rev-parse --is-inside-work-tree` and describes launching research/worker agents, making parallel changes in isolated branches, and opening PRs. This means the skill is intended to drive local commands, version-control operations, and multi-agent orchestration; that is a normal capability for this type of tool and warrants caution, but there is no evidence of system permissions exceeding the stated purpose.
The core purpose of this skill is to perform large-scale changes across a codebase, so it is expected to broadly read repository contents, analyze call sites, and modify multiple files, branches, and commit contexts. Based on the material, the access scope is mainly the current Git repository, with no sign of requesting unrelated local resources or excessive permissions.
The source is the GitHub repository microsoft/amplifier-bundle-skills and is marked open-source, which improves auditability and is a clear risk-reducing factor. However, the listing shows 0 stars, unknown maintenance status, and no declared license, so community validation and maintenance signals are limited; supply-chain risk is therefore best rated as caution rather than high risk.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "mass-change" skill from askskill: 1. Download https://raw.githubusercontent.com/microsoft/amplifier-bundle-skills/main/skills/mass-change/SKILL.md 2. Save it as ~/.claude/skills/mass-change/SKILL.md 3. Reload skills and tell me it's ready
Research all usages of the legacy payment API in this repository, create a safe migration plan and validation steps, then split the work across isolated agents to update files in parallel. Each agent should handle only part of the codebase, open its own PR, and report risks, test results, and rollback suggestions.
A set of module-based PRs with a migration plan, impact analysis, test results, and merge recommendations.
Analyze the current logging formats and instrumentation across all services, design a unified logging standard, and update each service in parallel to adopt it. Have each isolated agent own one service, open a separate PR, and produce a change log plus potential compatibility issues.
Separate PRs for each service, along with the standard specification, compatibility assessment, and rollout checklist.
Review version and configuration differences of the test framework across the repository, create an overall upgrade plan from the old version to the new one, then have multiple agents upgrade by directory in parallel, fix breaking changes, and open PRs. Finally, summarize which PRs are safe to merge and which need manual review.
Directory-based upgrade PRs, notes on breaking-change fixes, and recommendations on merge priority.
You are orchestrating a large, parallelizable change across this codebase.
$ARGUMENTS
Check 1 — Arguments present.
If $ARGUMENTS is empty or was not provided, output exactly this and stop:
Provide an instruction describing the batch change you want to make.
Examples:
/mass-change migrate from react to vue
/mass-change replace all uses of lodash with native equivalents
/mass-change add type annotations to all untyped function parameters
Check 2 — Git repository.
Run git rev-parse --is-inside-work-tree in the current directory. If it fails or returns an error, output exactly this and stop:
This is not a git repository. The /mass-change skill requires a git repo because it spawns agents in isolated branches and creates PRs from each. Initialize a repo first, or run this from inside an existing one.
If both checks pass, proceed with the three phases below.
Understand the scope. Launch one or more research agents (using the delegate tool, in the foreground — you need their results) to deeply research what this instruction touches. Find all the files, patterns, and call sites that need to change. Understand the existing conventions so the migration is consistent.
Decompose into independent units. Break the work into 5–30 self-contained units. Each unit must:
Scale the count to the actual work: few files → closer to 5; hundreds of files → closer to 30. Prefer per-directory or per-module slicing over arbitrary file lists.
Determine the verification recipe. Figure out how a worker can verify its change actually works end-to-end — not just that unit tests pass. Look for:
If you cannot find a concrete e2e path, ask the user how to verify this change end-to-end. Offer 2–3 specific options based on what you found (e.g., "Screenshot via browser automation", "Run dev server and curl the endpoint", "No e2e — unit tests are sufficient"). Do not skip this — the workers cannot ask the user themselves.
Write the recipe as a short, concrete set of steps that a worker can execute autonomously. Include any setup (start a dev server, build first) and the exact command/interaction to verify.
Write the plan. Present:
Present the plan for user approval before proceeding.
Once the plan is approved, spawn one agent per work unit using the delegate tool. Launch them all in a single message block so they run in parallel.
For each agent, the prompt must be fully self-contained. Include:
…
Review code changes for reuse, quality, and efficiency, then fix issues.
Convert skills from other AI coding assistants into Amplifier-native SKILL.md files.
Analyze images, extract text, and answer visual questions with LLM vision models.
Design robust config and state file handling with safe defaults and crash recovery.
Get skeptical, practical guidance on architecture, legacy refactors, and tooling decisions.
Design auth and TLS patterns for smooth local use and secure remote access.
Execute implementation plans with task-specific subagents and code review checkpoints.
Dispatch multiple agents in parallel to investigate and fix independent issues.
Speed up complex tasks with parallel execution while preserving correctness.
Execute implementation plans by splitting and advancing independent tasks in-session.
Execute detailed plans in batches with review checkpoints and course correction.
Coordinate multiple AI agents in one Git repo and prevent conflicts early.