// Legal workflows — contract review, compliance checks, NDA triage, risk assessment, legal briefs. Use when reviewing contracts, checking compliance, triaging NDAs, assessing legal risk, or drafting legal documents. Not legal advice — analysis support for qualified professionals.
[HINT] Download the complete skill directory including SKILL.md and all related files
| name | legal |
| description | Legal workflows — contract review, compliance checks, NDA triage, risk assessment, legal briefs. Use when reviewing contracts, checking compliance, triaging NDAs, assessing legal risk, or drafting legal documents. Not legal advice — analysis support for qualified professionals. |
| routing | {"triggers":["legal","contract review","compliance check","NDA","legal risk","legal brief","vendor check","german compliance","DSGVO","GoBD","TDDDG","AI Act compliance","eIDAS"],"category":"business","force_route":false,"pairs_with":[]} |
| user-invocable | true |
Analysis support for in-house legal teams. Contract review, compliance checks, NDA triage, risk assessment, legal writing, and response generation.
Disclaimer: Analysis support, not legal advice. Review by qualified counsel required.
Classify the request into one mode before proceeding. If the request spans modes, choose the primary and note the secondary.
| Mode | Signal Phrases | Core Output |
|---|---|---|
| CONTRACT | review contract, clause analysis, redline, playbook, negotiate | Clause-by-clause analysis with GREEN/YELLOW/RED flags and redline suggestions |
| COMPLIANCE | compliance check, GDPR, HIPAA, CCPA, SOX, regulation, data protection, DSGVO, GoBD, TDDDG, eIDAS, AI Act, NIS2, KRITIS, Grundschutz, TISAX, DORA | Applicable regulations, requirements checklist, risk areas, approvals needed |
| NDA | NDA, triage NDA, non-disclosure, confidentiality agreement | GREEN/YELLOW/RED classification with screening checklist |
| RISK | legal risk, risk assessment, exposure, severity, escalation | Severity x Likelihood matrix score with escalation path |
| WRITING | legal brief, memo, legal response, draft response, template | Structured legal document in appropriate format |
| VENDOR | vendor check, vendor status, agreement status, what's signed | Agreement inventory, gap analysis, upcoming deadlines |
Load only the references required by the detected mode.
| Mode | References to Load |
|---|---|
| CONTRACT | references/contract-review.md |
| COMPLIANCE | references/compliance-frameworks.md, references/german-business-compliance.md |
| NDA | references/nda-triage.md |
| RISK | references/risk-assessment.md |
| WRITING | references/legal-writing.md |
| VENDOR | references/contract-review.md (for gap analysis context) |
Always load references/llm-legal-failure-modes.md for every mode. LLM failure awareness is non-negotiable in legal work.
Framework: INTAKE -> ANALYZE -> FLAG -> REDLINE -> STRATEGIZE
Phase 1: INTAKE -- Accept the contract and gather context.
Phase 2: ANALYZE -- Clause-by-clause review.
Load references/contract-review.md for the full clause analysis methodology.
Gate: Every material clause analyzed. No clause reviewed in isolation.
Phase 3: FLAG -- Classify deviations.
| Flag | Meaning | Action |
|---|---|---|
| GREEN | At or better than standard. Minor commercially reasonable variation. | Note for awareness. No negotiation. |
| YELLOW | Outside standard but within negotiable range. Common in market. | Generate redline + fallback + business impact. |
| RED | Outside acceptable range. Material risk. Escalation trigger. | Explain risk. Provide market-standard alternative. Recommend escalation. |
Phase 4: REDLINE -- Generate specific alternative language for YELLOW and RED items.
Each redline includes: current language (exact quote), proposed language, rationale (suitable for counterparty), priority (must-have / should-have / nice-to-have), fallback position.
Phase 5: STRATEGIZE -- Negotiation strategy.
Lead with Tier 1. Trade Tier 3 to secure Tier 2. Escalate before making any Tier 1 concession.
Gate: Top 3 issues identified. Negotiation priority established. Concession candidates named.
Output format:
## Contract Review Summary
**Document**: [name] | **Parties**: [names] | **Side**: [role] | **Basis**: [Playbook/Generic]
## Key Findings
[Top 3-5 issues with severity flags]
## Clause-by-Clause Analysis
### [Clause] -- [GREEN/YELLOW/RED]
**Contract says**: ... | **Standard**: ... | **Deviation**: ... | **Impact**: ... | **Redline**: ...
## Negotiation Strategy
[Priorities, concessions, approach]
Framework: SCOPE -> MAP -> ASSESS -> RECOMMEND
Phase 1: SCOPE -- Understand the proposed action.
Phase 2: MAP -- Identify applicable regulations.
Load references/compliance-frameworks.md for regulation-specific requirements.
Map all potentially applicable frameworks. Check for overlapping or conflicting requirements across jurisdictions.
Phase 3: ASSESS -- Check each requirement.
| Requirement | Status | Action Needed |
|---|---|---|
| [Requirement] | Met / Not Met / Unknown | [Specific action] |
For each risk area, assess severity and mitigation path.
Phase 4: RECOMMEND -- Prioritized action list with approvals needed.
Gate: All applicable regulations identified. Requirements checked. Approvals mapped.
Output: Quick assessment (Proceed / Proceed with conditions / Requires further review), applicable regulations table, requirements checklist, risk areas, recommended actions, approvals needed.
Framework: ACCEPT -> SCREEN -> CLASSIFY -> REPORT
Load references/nda-triage.md for the full screening checklist and common deviations catalog.
Phase 1: ACCEPT -- Accept NDA in any format.
Phase 2: SCREEN -- Systematic evaluation against 10 screening criteria.
Agreement structure, definition scope, receiving party obligations, standard carveouts (public knowledge, prior possession, independent development, third-party receipt, legal compulsion), permitted disclosures, term/duration, return/destruction, remedies, problematic provisions (non-solicit, non-compete, exclusivity, standstill, residuals, IP assignment).
Phase 3: CLASSIFY
| Classification | Criteria | Routing |
|---|---|---|
| GREEN | All criteria pass. Standard mutual, all carveouts, reasonable term, no prohibited provisions. | Standard delegation. Same-day approval. |
| YELLOW | Minor deviations: broader definition, longer term, missing one carveout, narrow residuals, non-preferred jurisdiction. | Counsel review. 1-2 business days. |
| RED | Wrong type, missing critical carveouts, non-solicit/non-compete, perpetual term, broad residuals, hidden IP assignment, liquidated damages. | Full legal review. Do not sign. 3-5 business days. |
Phase 4: REPORT -- Structured triage report with specific issues, risks, and suggested fixes.
Gate: Every screening criterion evaluated. Classification justified.
Framework: IDENTIFY -> SCORE -> CLASSIFY -> DOCUMENT
Load references/risk-assessment.md for the full severity/likelihood matrix and documentation standards.
Phase 1: IDENTIFY -- Define the risk clearly with background and context.
Phase 2: SCORE -- Apply Severity (1-5) x Likelihood (1-5) matrix.
Phase 3: CLASSIFY
| Score | Level | Color | Escalation |
|---|---|---|---|
| 1-4 | Low | GREEN | Accept. Monitor quarterly. |
| 5-9 | Medium | YELLOW | Mitigate. Assign owner. Monthly review. |
| 10-15 | High | ORANGE | Senior counsel. Outside counsel if needed. Weekly review. |
| 16-25 | Critical | RED | GC/C-suite/Board. Outside counsel. Litigation hold if applicable. Daily review. |
Phase 4: DOCUMENT -- Risk memo with contributing factors, mitigating factors, mitigation options, recommended approach, residual risk, monitoring plan.
Gate: Both severity and likelihood ratings justified with specific rationale. Score calculated. Escalation path defined.
Framework: CLASSIFY -> DRAFT -> REVIEW
Load references/legal-writing.md for format templates and escalation triggers.
Phase 1: CLASSIFY -- Determine document type.
| Type | Use Case |
|---|---|
| Legal memo | Internal analysis of a legal question |
| Legal brief | Summary of issue, law, and recommendation |
| Legal response | Templated response to common inquiries (DSR, litigation hold, vendor question, NDA request, subpoena) |
| Meeting brief | Pre-meeting context, talking points, action items |
| Incident brief | Rapid brief for developing situations (breach, litigation threat, regulatory inquiry) |
Phase 2: DRAFT -- Generate document in the appropriate format.
For legal responses: check escalation triggers before generating. If any trigger fires (regulatory inquiry, potential litigation, criminal exposure, media attention, multiple jurisdictions), stop and recommend escalation instead of a templated response.
Phase 3: REVIEW -- Present draft for user review. Note any assumptions, gaps, or areas needing counsel input.
Gate: Document type correctly identified. Escalation triggers checked. All required elements present.
Framework: IDENTIFY -> INVENTORY -> GAP ANALYSIS -> REPORT
Phase 1: IDENTIFY -- Accept vendor name. Handle variations (legal name vs. trade name, abbreviations, parent/subsidiary).
Phase 2: INVENTORY -- Search for all agreements with the vendor. For each agreement found, capture: type (NDA/MSA/SOW/DPA/SLA), status (active/expired/in-negotiation), effective date, expiration date, auto-renewal details, key terms.
Phase 3: GAP ANALYSIS -- Identify what exists vs. what should exist.
Required agreements by relationship type:
Flag: agreements expired but with surviving obligations, approaching expirations (90-day window), DPA gaps when vendor handles personal data.
Phase 4: REPORT -- Consolidated status report with gap analysis and upcoming actions.
Gate: All available sources checked. Gaps identified. Approaching deadlines flagged.
Legal analysis is a high-risk domain for LLM failures. Load references/llm-legal-failure-modes.md and apply these guards on every mode:
| Failure Mode | Guard |
|---|---|
| Fabricated case law or citations | Verify all citations with user before including. State "verify this citation" when referencing specific law. |
| Invented regulatory requirements | Distinguish between "this regulation requires X" (high confidence, well-known) and "check whether this applies in your jurisdiction" (lower confidence). |
| Jurisdiction confusion | Always ask which jurisdiction applies. Ask which jurisdiction applies. State which jurisdiction the analysis covers. |
| Overconfident analysis | Use calibrated language: "likely," "typically," "in most jurisdictions" rather than absolutes. |
| Missing clause interactions | Read entire contract before analyzing individual clauses. Clauses interact. |
| Stale legal knowledge | Training data has a cutoff. Recommend counsel verify current regulatory state, especially for recently enacted or amended laws. |
| Error | Cause | Solution |
|---|---|---|
| No contract provided | User asks for review without document | Prompt for document in any format |
| Ambiguous jurisdiction | Multi-jurisdiction deal | Ask user to specify primary jurisdiction. Note differences. |
| No playbook configured | First use, no organizational standards | Proceed with market-standard positions. Note clearly. |
| Contract too long (50+ pages) | Large agreement | Offer to focus on most material sections first, then complete review |
| Conflicting regulations | Cross-border requirements clash | Flag conflicts explicitly. Do not pick a winner. Recommend counsel. |
| Template needed for unknown type | No template for the inquiry type | Help user create a template following the creation guide in references |