From 5226024e7128c3c3ed678a01742fa02abe25b59d Mon Sep 17 00:00:00 2001
From: Steven Obiajulu
Date: Mon, 2 Feb 2026 01:26:16 -0500
Subject: [PATCH] fix(legal): UPL-safe language and whistleblower carveout alignment
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Targeted edits to reduce legal risk exposure in the legal plugin.

Changes:

1. UPL-safe language (2 files)
   - Changed "assess risk" → "classify risk factors" in plugin descriptions
   - Classification framing positions the tool as organizing information
     rather than rendering legal judgment

2. Whistleblower carveout (2 files)
   - Updated NDA default carveouts to explicitly note that no advance
     notice is required for regulatory/whistleblower disclosures
   - Addresses SEC Rule 21F-17(a) which prohibits NDAs that impede SEC
     whistleblower communications
   - Reflects active enforcement: 7 companies paid $3M+ in Sept 2024
     (https://www.sec.gov/newsroom/press-releases/2024-118)
   - DOJ and OSHA issued joint statement (Jan 2025) targeting NDAs that
     deter whistleblower reporting

No functional changes. All edits are to guidance text and defaults.
---
 README.md                                   | 2 +-
 legal/commands/triage-nda.md                | 2 +-
 legal/skills/legal-risk-assessment/SKILL.md | 4 ++--
 legal/skills/nda-triage/SKILL.md            | 3 ++-
 4 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index b21eae7..4cb7326 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ We're open-sourcing 11 plugins built and inspired by our own work: | **[customer-support](./customer-support)** | Triage tickets, draft responses, package escalations, research customer context, and turn resolved issues into knowledge base articles. | Slack, Intercom, HubSpot, Guru, Jira, Notion, Microsoft 365 | | **[product-management](./product-management)** | Write specs, plan roadmaps, synthesize user research, keep stakeholders updated, and track the competitive landscape. | Slack, Linear, Asana, Monday, ClickUp, Jira, Notion, Figma, Amplitude, Pendo, Intercom, Fireflies | | **[marketing](./marketing)** | Draft content, plan campaigns, enforce brand voice, brief on competitors, and report on performance across channels. | Slack, Canva, Figma, HubSpot, Amplitude, Notion, Ahrefs, SimilarWeb, Klaviyo | -| **[legal](./legal)** | Review contracts, triage NDAs, navigate compliance, assess risk, prep for meetings, and draft templated responses. | Slack, Box, Egnyte, Jira, Microsoft 365 | +| **[legal](./legal)** | Review contracts, triage NDAs, support compliance workflows, classify risk factors, prep for meetings, and draft templated responses. | Slack, Box, Egnyte, Jira, Microsoft 365 | | **[finance](./finance)** | Prep journal entries, reconcile accounts, generate financial statements, analyze variances, manage close, and support audits. | Snowflake, Databricks, BigQuery, Slack, Microsoft 365 | | **[data](./data)** | Query, visualize, and interpret datasets โ€” write SQL, run statistical analysis, build dashboards, and validate your work before sharing. | Snowflake, Databricks, BigQuery, Hex, Amplitude, Jira | | **[enterprise-search](./enterprise-search)** | Find anything across email, chat, docs, and wikis โ€” one query across all your company's tools. | Slack, Notion, Guru, Jira, Asana, Microsoft 365 | diff --git a/legal/commands/triage-nda.md b/legal/commands/triage-nda.md index bf787c0..6123f8e 100644 --- a/legal/commands/triage-nda.md 
+++ b/legal/commands/triage-nda.md @@ -43,7 +43,7 @@ The NDA playbook should define: - Defaults applied: - Mutual obligations required (unless the organization is only disclosing) - Term: 2-3 years standard, up to 5 years for trade secrets - - Standard carveouts required: independently developed, publicly available, rightfully received from third party, required by law + - Standard carveouts required: independently developed, publicly available, rightfully received from third party, legal compulsion (with notice where permitted; no notice required for regulatory or whistleblower disclosures) - No non-solicitation or non-compete provisions - No residuals clause (or narrowly scoped if present) - Governing law in a reasonable commercial jurisdiction diff --git a/legal/skills/legal-risk-assessment/SKILL.md b/legal/skills/legal-risk-assessment/SKILL.md index 636075c..e60688f 100644 --- a/legal/skills/legal-risk-assessment/SKILL.md +++ b/legal/skills/legal-risk-assessment/SKILL.md 
@@ -1,11 +1,11 @@ --- name: legal-risk-assessment -description: Assess and classify legal risks using a severity-by-likelihood framework with escalation criteria. Use when evaluating contract risk, assessing deal exposure, classifying issues by severity, or determining whether a matter needs senior counsel or outside legal review. +description: Identify and classify legal risk factors using a severity-by-likelihood framework with escalation criteria. Use when reviewing contract risk, summarizing deal exposure, classifying issues by severity, or flagging when a matter should be routed to senior counsel or outside legal review. --- # Legal Risk Assessment Skill -You are a legal risk assessment assistant for an in-house legal team. You help evaluate, classify, and document legal risks using a structured framework based on severity and likelihood. +You are a legal risk assessment assistant for an in-house legal team. You help identify, classify, and document legal risk factors using a structured framework based on severity and likelihood. **Important**: You assist with legal workflows but do not provide legal advice. Risk assessments should be reviewed by qualified legal professionals. The framework provided is a starting point that organizations should customize to their specific risk appetite and industry context. diff --git a/legal/skills/nda-triage/SKILL.md b/legal/skills/nda-triage/SKILL.md index 52e1067..1263b26 100644 --- a/legal/skills/nda-triage/SKILL.md +++ b/legal/skills/nda-triage/SKILL.md 
@@ -36,7 +36,8 @@ All of the following carveouts should be present: - [ ] **Prior possession**: Information already known to the receiving party before disclosure - [ ] **Independent development**: Information independently developed without use of or reference to confidential information - [ ] **Third-party receipt**: Information rightfully received from a third party without restriction -- [ ] **Legal compulsion**: Right to disclose when required by law, regulation, or legal process (with notice to the disclosing party where legally permitted) +- [ ] **Legal compulsion**: Right to disclose when required by law, regulation, or legal process (with notice where permitted; no notice required for regulatory or whistleblower disclosures) +- [ ] **DTSA whistleblower immunity notice**: If the NDA governs trade secrets, confirm the agreement includes the Defend Trade Secrets Act immunity notice (18 U.S.C. ยง 1833(b)) or that the organization provides it separately ### 5. Permitted Disclosures - [ ] **Employees**: Can share with employees who need to know
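
Review bot: In the README.md hunk, the legal row also changes "navigate compliance" to "support compliance workflows", but the commit message lists only the "assess risk" to "classify risk factors" edit under UPL-safe language. Add that wording change to the commit message so the log matches the diff. "Review contracts" in the same row is left untouched, so it would help to say whether that is intentional.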
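
Review bot: In legal/commands/triage-nda.md, the new parenthetical files whistleblower disclosures under "legal compulsion", while the commit message states the goal as not impeding whistleblower communications. A reader of this default could take the carveout to cover only disclosures required by law, regulation, or legal process, with the no-notice rule as a sub-case of those. Consider a separate carveout entry, for example "regulatory or whistleblower reporting (no notice required)", and keep "legal compulsion (with notice where permitted)" for the compelled case. The DTSA notice item added in legal/skills/nda-triage/SKILL.md also has no counterpart in this list, so the command's defaults and the skill's checklist now differ.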
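
Review bot: In legal/skills/legal-risk-assessment/SKILL.md, the description and the role sentence move to "identify and classify", but the unchanged context in the same hunk still reads "You are a legal risk assessment assistant" and "Risk assessments should be reviewed by qualified legal professionals", and the skill name and heading keep "risk assessment". If the classification framing described in the commit message is the point, align those lines as well (for example "Risk classifications should be reviewed ..."), or state in the commit message that the name and heading are kept on purpose.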
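
Review bot: In legal/skills/nda-triage/SKILL.md, the added "DTSA whistleblower immunity notice" item sits under "All of the following carveouts should be present", but it is conditional ("If the NDA governs trade secrets") and is a notice rather than a carveout, so the list gives no way to mark it not applicable on an NDA that does not cover trade secrets. Move it to its own conditional check or add an explicit N/A path. The commit message lists only the notice wording under "Whistleblower carveout" and describes the edits as guidance text and defaults, so this new checklist item should be mentioned there too.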