nda-review
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- Local Configuration Management: The skill reads and writes to specific local paths (e.g.,
~/.claude/plugins/config/claude-for-legal/) to maintain a persistent 'playbook' of legal positions. This allows the tool to provide consistent triage results based on organization-specific rules and is core to its intended functionality. - Authorization and Privilege Safeguards: The skill explicitly instructs the agent to verify the recipient's 'privilege circle' before generating output, helping to prevent the accidental waiver of legal privilege. It also restricts certain high-confidence outcomes (GREEN status) until attorney-reviewed positions are established in the configuration.
- Indirect Input Processing: As a document review tool, the skill processes untrusted input in the form of NDA text. It mitigates potential manipulation by requiring checks against the structured playbook (
CLAUDE.md) and prompting for human confirmation before any new positions are recorded or acted upon. - Resource Locality: The skill operates entirely within the local environment, referencing local configuration files rather than external network resources or remote scripts, which minimizes its external attack surface.
Audit Metadata