For each change that is submitted, AbuseFilter provides variables that can be used to write filters, typically allowing a comparison of the current revision with the one to be submitted. For example the size of the page (before and after the edit) can be found in the variables old_size and new_size.
For edits to Wikibase entities the AbuseFilter variables added_links (removed_links) don't seem to be properly populated, they are always empty. They should contain a list of the external links that were added (removed) in the edit to be submitted.
Also the variable all_links seems to always equal old_links, while it should in fact contain all links in the revision to be submitted.
This is Wikibase specific, as it works with Wikitext pages.