invention-intake

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFENO_CODE
Full Analysis
  • Intended File System Interaction: The skill reads practice-level configuration and writes screening memos to matter-specific directories within the user's plugin configuration path (e.g., ~/.claude/plugins/config/claude-for-legal/). This is a functional requirement that allows the agent to maintain context across different legal matters and follow defined filing strategies.
  • Indirect Prompt Injection Surface: The skill is designed to ingest and analyze invention disclosures, which are external data sources. This creates a standard surface where instructions hidden within a disclosure could attempt to influence the agent's logic.
  • Ingestion points: Invention disclosures are processed in the intake workflow (Step 1).
  • Boundary markers: The instructions do not define specific delimiters to isolate the ingested disclosure content from the skill's logic.
  • Capability inventory: The skill is capable of reading practice profiles and writing output memos to local matter folders.
  • Sanitization: No explicit content filtering or validation is performed on the disclosure text before analysis.
  • No Code Components: The skill is implemented entirely through natural language instructions. It does not contain executable scripts, binaries, or external code dependencies, which minimizes the risk of unauthorized command execution or system-level changes.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 09:46 PM
Security Audit — agent-trust-hub — invention-intake