hiring-review

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • Local Workspace Management: The skill accesses and manages files within ~/.claude/plugins/config/claude-for-legal/ to retrieve jurisdiction tables and store matter-specific work product. This practice is used for maintaining local application state and persistent context for legal matters.
  • Indirect Prompt Injection Surface:
      • Ingestion points: The skill is designed to ingest and analyze 'offer letter files' or descriptions of hires provided by the user (found in SKILL.md).
      • Boundary markers: No explicit delimiters or instructions to ignore embedded instructions within the processed data are specified in the workflow.
      • Capability inventory: The skill has the capability to read matter context, write outputs to local matter folders, and invoke configured legal research tools (SKILL.md).
      • Sanitization: No explicit sanitization of the input document content is mentioned before processing.
      • Context: While processing external data is an inherent surface for indirect prompt injection, the skill's detailed workflow and requirement for primary source attribution serve as significant mitigating factors.
  • Research Tool Integration: The skill integrates with external research tools to ensure legal information is current. It includes specific instructions for source attribution (tagging results with their origin) and prevents the agent from 'silently supplementing' information from its own memory, ensuring user oversight of the data sources used in the review.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 12:40 AM