claim-chart

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • Spreadsheet Security Safeguards: The skill includes an explicit mitigation strategy to prevent CSV/Excel formula injection. It automatically prepends an apostrophe (') to any cell value starting with potentially executable characters like =, +, -, or @. This prevents malicious data in legal documents from being executed as code when opened in spreadsheet software.
  • Conflict of Interest Gate: A mandatory 'conflicts gate' is implemented that checks a central matter log (_log.yaml) before proceeding. The skill refuses to operate on matters that haven't passed through the standard intake and conflicts check process, ensuring professional compliance.
  • Data Privacy and Privilege Management: The instructions include clear warnings regarding document use restrictions (e.g., UK CPR 31.22 and US Rule 26(c)) and mandate a work-product header on all outputs to preserve legal privilege and confidentiality.
  • Local Configuration and Matter Isolation: The skill uses a structured file system for matter management (~/.claude/plugins/config/...) and includes logic to prevent cross-matter data leakage by restricting access to the active matter's directory only.
  • Verification-First Design: It enforces a 'draft-only' posture, explicitly stating that no output constitutes a legal finding or contention and requiring attorney verification for every pin-cited evidence cell.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 12:28 AM
Security Audit — agent-trust-hub — claim-chart