legal-hold
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- Local File Access: The skill reads from and writes to matter-specific files (such as 'matter.md' and '_log.yaml') and template files within a specific configuration directory. Accessing local files is necessary for tracking the lifecycle of a legal hold, and the skill limits its operations to defined plugin paths to ensure relevant data handling.
- Potential for Indirect Prompt Injection: The skill ingests data from external files to generate drafts and reports. If these files were to contain untrusted content, it could potentially influence the agent's output during the drafting process. This consideration is mitigated by the skill's explicit instructions to the user to review all drafts and proposed log updates before they are finalized.
- Operational Controls: The skill implements strict procedural gates, such as mandatory conflicts checks and specific warnings regarding the legal consequences of issuing or releasing notices. These controls ensure that the agent does not perform high-stakes actions without significant user oversight and professional verification.
Audit Metadata