closing-checklist
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- Legal Document Processing (Indirect Prompt Injection Surface): The skill identifies and extracts data from external purchase agreements and diligence findings. This creates a surface where external content enters the agent's context.
- Ingestion points: Purchase agreements (Mode 1), diligence issue extraction findings, and material contract schedules (Mode 2).
- Boundary markers: None explicitly defined to separate document text from instructions.
- Capability inventory: File read/write operations to specific deal and matter folders (yaml, md files).
- Sanitization: Not explicitly defined; the skill relies on extracting specific legal categories.
- Scoped File System Access: The skill reads from and writes to a specific directory structure (
~/.claude/plugins/config/claude-for-legal/). This localized file interaction is consistent with maintaining state for legal matters within a controlled plugin environment. - Consequential-Action Safeguard: A positive security design choice is the 'Consequential-action gate,' which requires explicit confirmation and attorney oversight before the agent can certify closing conditions or produce final closing memos.
Audit Metadata