policy-diff
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- Structured File Access: The skill reads and writes data within the
~/.claude/plugins/config/claude-for-legal/regulatory-legal/directory. This is used to manage the policy library index and matter-specific workspaces, which is consistent with the skill's documented purpose for regulatory compliance tracking. - External Data Handling: It processes regulatory text provided by users or external sources. To mitigate the risk of processing inaccurate or malicious content, the skill requires explicit source attribution (e.g.,
[web search — verify],[user provided]) and prohibits 'silent supplements' or filling gaps using model knowledge without user approval. - Integrity Banners: The skill automatically generates warning banners if a rule's status cannot be verified or if the user requests a restricted scope. These banners are designed to be carried through to downstream artifacts to prevent the misrepresentation of compliance data.
- Matter Separation: It includes logic to enforce matter-level data isolation, specifically instructing the agent not to read files from other matter workspaces unless cross-matter context is explicitly enabled.
Audit Metadata