tabular-review

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • Formula Injection Defense: The skill explicitly implements a security measure to neutralize formula injection in exported CSV, Excel, and Google Sheets files. It instructs the agent to prefix potentially executable characters (such as =, +, -, or @) with a single quote when sourcing text from documents. This is a critical safeguard that prevents malicious content within legal documents from being executed as a macro or used for data exfiltration when the output is opened in a spreadsheet application.
  • Data Integrity and Normalization Pass: A dedicated workflow step is defined to verify that all extracted data is traceable to the source. This pass involves spot-checking verbatim quotes against the original documents to ensure that the agent has not paraphrased, composed, or reconstructed evidence. This prevents the misrepresentation of findings and ensures a high level of auditability.
  • Secure Workspace Management: The skill follows a strict workspace isolation policy, reading from and writing to specific, user-authorized paths (such as ~/.claude/plugins/config/claude-for-legal/). It also includes explicit distribution warnings for the user regarding attorney-client privilege and confidentiality, aligning with professional legal standards.
  • Trusted Dependency Management: The skill references established, well-known Python libraries like openpyxl and official Google API clients for its operations. These are industry-standard tools for spreadsheet manipulation and cloud integration, used here in their intended capacity without suspicious installation patterns.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 12:40 AM