legal-writing
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- Local File Access for Contextual Awareness: The skill is configured to read from a specific configuration file located at
~/.claude/plugins/config/claude-for-legal/law-student/CLAUDE.md. This is a design feature intended to personalize feedback based on the user's skill level and past patterns. It does not attempt to access sensitive system directories or credentials. - Feedback Persistence and Session Tracking: The skill appends session summaries to a local
tracker.mdfile. This mechanism allows for long-term pattern detection in the student's writing. This is an expected behavior for a pedagogical tool and does not constitute a persistence-based attack vector as it does not modify system startup scripts or executable files. - Input Ingestion Considerations: The skill processes untrusted user data in the form of legal drafts. While this introduces a surface for indirect prompt injection, the risk is effectively mitigated by the skill's limited capabilities; it only generates textual feedback and updates a local log file without performing network requests or shell command execution.
Audit Metadata