claim-chart
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- Spreadsheet Security Safeguards: The skill includes an explicit mitigation strategy to prevent CSV/Excel formula injection. It automatically prepends an apostrophe (
') to any cell value starting with potentially executable characters like=,+,-, or@. This prevents malicious data in legal documents from being executed as code when opened in spreadsheet software. - Conflict of Interest Gate: A mandatory 'conflicts gate' is implemented that checks a central matter log (
_log.yaml) before proceeding. The skill refuses to operate on matters that haven't passed through the standard intake and conflicts check process, ensuring professional compliance. - Data Privacy and Privilege Management: The instructions include clear warnings regarding document use restrictions (e.g., UK CPR 31.22 and US Rule 26(c)) and mandate a work-product header on all outputs to preserve legal privilege and confidentiality.
- Local Configuration and Matter Isolation: The skill uses a structured file system for matter management (
~/.claude/plugins/config/...) and includes logic to prevent cross-matter data leakage by restricting access to the active matter's directory only. - Verification-First Design: It enforces a 'draft-only' posture, explicitly stating that no output constitutes a legal finding or contention and requiring attorney verification for every pin-cited evidence cell.
Audit Metadata