The Agent Skills Directory

Local File Access: The skill reads from and writes to specific paths within ~/.claude/plugins/config/claude-for-legal/. This is used to maintain context for legal matters, board templates, and minutes formats. While this involves handling sensitive organizational information, the access is scoped to the skill's intended purpose within the legal toolkit environment.
Calendar Data Integration: The skill searches the user's calendar for board-related meetings to identify events. This requires user authorization and is a core feature to automate the identification of relevant meetings for drafting.
Processing Untrusted Materials (Indirect Prompt Injection Surface): The skill ingests external documents like meeting agendas and presentation slides to extract resolutions and summaries. While this creates a potential surface for indirect prompt injection where instructions could be hidden in the uploaded materials, the skill lacks capabilities that would allow for high-impact exploitation, such as network access or arbitrary command execution.
Role-Based Validation: The skill includes a conditional check for the user's role (lawyer vs. non-lawyer) and provides guidance on the legal implications of adopting minutes, encouraging professional attorney review before finalization.

board-minutes