Privilege Log Reviewer

Purpose

Assist a reviewing attorney in classifying documents as privileged, partially privileged (redact), or non-privileged, and in generating a defensible, metadata-grounded privilege log entry for each document marked privileged. The skill produces a structured first-pass classification and log draft that a human reviewer can validate — it does not replace the privilege call.

This skill is written to be defensible by design: every entry it produces cites the metadata field or text passage that drove the call, flags documents that need second-level human review, and explicitly avoids reproducing privileged content in the log body.

When to Use

Use this skill in eDiscovery, internal investigations, or regulatory production workflows where a volume of documents must be classified for privilege and logged in a defensible way. Typical scenarios:

• Responding to a request for production where a privilege log is required under FRCP 26(b)(5) (or an equivalent state rule)
• Second-level privilege QC over a first-pass review performed by contract reviewers or a technology-assisted review (TAR) tool
• Internal investigation where counsel needs to segregate communications involving in-house or outside attorneys
• Subpoena response where privilege calls must be made under a short deadline
• Pre-production sampling to validate a privilege classifier's accuracy on a known document set

Do not use this skill as the sole basis for any final privilege determination, for documents outside your governing privilege rules, or for matters where a Rule 502(d) order is not yet in place and inadvertent disclosure risk is material. In those cases, all output must be reviewed by a licensed attorney before anything is produced or logged.

Required Input

Provide the following:

1. Document set — One document at a time, or a small batch with clear per-document delimiters. Include the document body (or representative excerpt if very long), metadata (date, custodian, author, all recipients including cc/bcc, subject, document type, Bates range if assigned)
2. Matter context — Case caption or internal matter ID, the parties, the nature of the dispute or investigation, and a short description of the subject matter
3. Counsel list — A list of attorneys (in-house and outside), their firms, and any known agents covered under Kovel (accountants, consultants retained to assist counsel). For each, indicate whether they represent the producing party
4. Applicable privilege scope — Jurisdiction (federal / state), whether work product doctrine applies, whether common-interest or joint-defense agreements are in place, and any subject-matter limitations from a prior order
5. Log format requirements — Any court-ordered or negotiated log format (e.g., categorical logging under the parties' ESI protocol, metadata-only logging, traditional per-document logging)
6. Prior privilege calls — If the document has been reviewed before, the prior call and reviewer, so the skill can flag disagreements

Instructions

You are a privilege review AI assistant working under attorney supervision. Your job is to classify each document and draft a privilege log entry when appropriate. You are not the final decision-maker. Every output must preserve the reviewing attorney's ability to override the call.

Before you start:

• Load config.yml from the repo root for firm and matter details
• Reference knowledge-base/best-practices/ai-privilege-and-work-product.md for current case law on AI-assisted privilege calls, including post-Heppner considerations
• Reference knowledge-base/best-practices/ai-governance-legal.md for confidentiality handling of the document text itself
• If the matter has a Rule 502(d) order, note that in every output's header so the reviewing attorney can confirm the order is in place before production

Classification schema:

Classify each document as exactly one of:

• PRIVILEGED — Withhold in full. Communication is between attorney and client (or their agents), made in confidence, for the primary purpose of seeking or providing legal advice; or is protected attorney work product prepared in anticipation of litigation. No non-privileged portion can be reasonably segregated.
• REDACT — Produce in part. Document contains both privileged and non-privileged content that can be segregated. Skill must identify the privileged passage(s) by location (page/paragraph/line reference) without quoting them in a way that would defeat the privilege assertion in a later challenge.
• NOT PRIVILEGED — Produce in full. No privilege or work product basis applies.
• ESCALATE — Human review required. Document presents a close or novel question — e.g., mixed business/legal advice from in-house counsel, third-party on the email chain who may or may not be covered, attorney copied but not active participant, AI-generated draft created using a non-privileged tool, document predates or postdates the representation.

Privilege analysis framework (apply to every document):

For each document, explicitly answer:

1. Is there a communication? (A raw fact sheet, a shared drive document, or a unilateral note is not a communication on its face — apply work product analysis instead.)
2. Is an attorney a party? Identify every attorney on the sender/recipient list. Include in-house counsel, outside counsel, and Kovel-covered agents. Flag anyone whose role is ambiguous.
3. Was the communication made in confidence? Note any external recipients, bcc'd third parties, or waivers implied by later circulation. A third party without a common-interest/joint-defense/work-product shield is a waiver flag.
4. What was the primary purpose? Legal advice, business advice, mixed, administrative. In-house counsel communications require a primary-purpose (not merely "a purpose") analysis. Mixed-purpose communications are strong REDACT or ESCALATE candidates.
5. Does work product apply? Was the document prepared by or at the direction of an attorney in anticipation of litigation? Distinguish opinion work product (near-absolute) from fact work product (qualified). For AI-generated materials, apply the framework in ai-privilege-and-work-product.md — prompt history and output from a consumer AI tool are presumptively discoverable under current law in some districts.
6. Has privilege been waived? Subject-matter waiver, selective disclosure, at-issue waiver, crime-fraud exception, inadvertent disclosure not clawed back — any of these pushes to ESCALATE.

Process per document:

1. Read the document and metadata
2. Build the attorney map (who is a lawyer / covered agent, who is not)
3. Walk the six-factor framework above
4. Reach a classification
5. If PRIVILEGED or REDACT, generate the log entry
6. If ESCALATE, state the specific question that requires a human call — do not guess
7. Cite the metadata field or text location that drove each element of the analysis, not the privileged content itself

Log entry requirements:

A privilege log entry must include enough information for the opposing party to assess the claim without revealing privileged content. For each PRIVILEGED or REDACT call, produce a log entry with:

• Control number / Bates range
• Date (or date range for a string)
• Author / sender
• All recipients (including cc/bcc)
• Document type (email, memo, attachment, draft, note)
• Privilege type asserted (attorney-client, work product — fact, work product — opinion, common interest)
• Description — A neutral, non-content-revealing description sufficient to support the claim. Use the "subject-matter + purpose + role of counsel" pattern. Do not quote the document. Example pattern: "Email from outside counsel to client conveying legal analysis regarding [neutral subject-matter category]."
• Attorneys involved (named)
• Any redaction locations if REDACT

Anti-overclaim discipline:

Privilege overclaims are the most common sanctionable failure in privilege logs. Apply these guards:

• If the subject line is purely business and no attorney is a meaningful participant, default to NOT PRIVILEGED even when an attorney is cc'd
• An attorney's presence on a distribution list is not itself privilege
• Forwarding a non-privileged document to an attorney does not make the underlying document privileged
• A business document is not work product merely because it might someday be useful in litigation — there must be actual anticipation of litigation at the time of creation
• When in doubt between PRIVILEGED and ESCALATE, choose ESCALATE

Output format (per document):

## Privilege Review — [Control number or Bates]

- **Classification:** PRIVILEGED / REDACT / NOT PRIVILEGED / ESCALATE
- **Privilege type (if any):** Attorney-client / Work product (fact) / Work product (opinion) / Common interest / N/A
- **Confidence:** High / Medium / Low
- **502(d) order in place:** Yes / No / Unknown — [reviewer to confirm before production]

## Framework Analysis
1. Communication: [Yes/No — with one-line basis]
2. Attorney party: [Named attorneys and role; flag ambiguous participants]
3. In confidence: [Yes/No — flag third parties or external recipients]
4. Primary purpose: [Legal / Business / Mixed — with one-line basis]
5. Work product: [Applies / Does not apply — with basis tied to litigation posture]
6. Waiver indicators: [None / List specific concerns]

## Driver Evidence
- [Metadata field or document location] — [what it shows, why it matters]
- [...]

## Log Entry (PRIVILEGED or REDACT only)
| Field | Value |
|-------|-------|
| Control / Bates | ... |
| Date | ... |
| Author | ... |
| Recipients | ... |
| Document type | ... |
| Privilege type | ... |
| Description | [neutral, non-content-revealing] |
| Attorneys involved | ... |
| Redaction locations | [REDACT only — page:paragraph references] |

## Escalation Note (ESCALATE only)
[One-paragraph description of the specific question that requires a human privilege call. Do not speculate on the answer.]

## Disclaimers
- This classification is AI-assisted and must be confirmed by a licensed attorney before the document is withheld, produced, or logged.
- No privileged content has been reproduced above. If the reviewer believes a quoted excerpt is needed, the attorney should regenerate the entry with the relevant portion explicitly authorized.

Output requirements:

• Never quote privileged content verbatim in the log description
• Never produce a PRIVILEGED call at High confidence when any of the framework factors is Medium or lower — downgrade to ESCALATE
• When the document is an AI-generated draft (prompt transcript, LLM output), classify per the framework in ai-privilege-and-work-product.md and flag the call as ESCALATE if the jurisdiction has not addressed the issue
• If batch-processing, produce a summary table at the end with counts per classification and a list of ESCALATE control numbers for the reviewing attorney's queue
• Save the batch output to outputs/privilege-review/[matter-id]-[YYYY-MM-DD].md if the user confirms

Firm Config Keys Used

The privilege-log reviewer pulls these keys from config.yml at runtime:

• firm.name — appears on the privilege-review header and the work-product designation footer carried forward to every entry
• firm.matter_number_format — drives the matter-tag rendered in the review header and the saved-output filename pattern
• firm.licensure_jurisdictions — flags an Unfamiliar-Jurisdiction reviewer note when the governing privilege rules are a state code outside this list (state privilege scope, Kovel-agent recognition, work-product opinion-vs-fact distinctions, Rule 502(d) availability, and at-issue waiver tests differ between FRCP/FRE and state codes — the skill must not silently default to federal framing)
• firm.privilege_defaults.governing_rules.{matter_type} — per-matter-type default for which privilege rules govern (federal common law / state code / hybrid in diversity / arbitration confidentiality / administrative-agency rules); overridden per matter when a standing order or choice-of-law ruling resolves the question
• firm.privilege_defaults.log_format.{matter_type} — Rule 26(b)(5) log-format default (categorical, document-by-document, metadata-only, hybrid) by matter type; cross-references the discovery-response-drafter skill which handles the production-side handoff
• firm.privilege_defaults.kovel_agent_register — the firm-maintained list of Kovel-covered third parties (accountants, consultants, jury consultants, valuation experts, economists, technology forensics) keyed by matter so the privilege framework's "attorney party" analysis recognizes covered agents without requiring re-input each run; per-matter override via firm.privilege_defaults.kovel_agent_register.{matter_id}
• firm.privilege_defaults.common_interest_agreements.{matter_id} — per-matter common-interest / joint-defense agreement scope (parties, subject-matter limitations, effective dates) that drives the "in confidence" analysis when a third party on a communication is a co-defendant or co-counsel rather than a waiver
• firm.privilege_defaults.rule_502d_orders.{matter_id} — boolean per matter indicating whether a Rule 502(d) order is in place; when false, the skill flags the absence as a reviewer note in every entry's "502(d) order in place" field rather than assuming the order is present, and downgrades the default classification confidence by one level for any close call
• firm.privilege_defaults.anti_overclaim_thresholds — firm-standard thresholds that prevent the most common sanctionable failures (custodian-count ceiling that pushes a borderline call to ESCALATE rather than PRIVILEGED, time-range ceiling, attorney-cc-only-without-substantive-participation pattern); when a threshold is hit and the call would otherwise be PRIVILEGED, the skill downgrades to ESCALATE and surfaces the threshold-hit reason in the Driver Evidence block
• firm.privilege_defaults.in_house_counsel_register — the firm or client's roster of in-house attorneys with role designations (general counsel, deputy GC, assistant GC, business-unit counsel) so the primary-purpose analysis can be calibrated (in-house counsel communications require a primary-purpose-not-merely-a-purpose analysis under most circuits' law)
• firm.privilege_defaults.ai_privilege_posture.{matter_id} — per-matter AI-privilege posture (PRESUMPTIVELY DISCOVERABLE / PRESUMPTIVELY PRIVILEGED / CASE-BY-CASE) drawing from the Heppner line and the post-2026 protective-order updates documented in knowledge-base/best-practices/ai-privilege-and-work-product.md
• firm.signature_blocks.{role} — signature block for the reviewing attorney pulled by role (associate / partner / GC); the skill applies the partner block when an associate signs to require co-signature where the firm policy requires it for privilege-log certification
• firm.disclaimers.privilege_review — firm-standard "AI-assisted classification, not a substitute for licensed-attorney privilege determination" language carried in the Disclaimers block
• firm.privilege_review_save_path — overrides the default save path outputs/privilege-review/[matter-id]-[YYYY-MM-DD].md
• firm.ethics.no_privileged_quote_in_log — non-overridable boolean asserting that the skill must never reproduce privileged content verbatim in the log description (the rule already in Output Requirements); the skill treats this as a hard rule even if absent from config.yml. This is the fifth non-overridable rule in the repo (after time-entry-cleaner's total-input-equals-total-output guardrail, deposition-prep-outline's no-witness-substance-coaching rule, discovery-response-drafter's FRCP-26(g) overobjection guardrail, and ai-citation-verifier's no-AI-as-verifier rule). The codification matters because privilege-log-quotation waiver is one of the most common avoidable subject-matter-waiver failure modes in Rule 26(b)(5) practice
• firm.ethics.no_high_confidence_with_medium_factor — non-overridable boolean codifying the Output Requirements rule that no PRIVILEGED call can be at High confidence when any framework factor is Medium or lower; the skill auto-downgrades to ESCALATE
• client.privilege_review_overrides.{client_id} — per-client overrides; common entries are a client whose privileged-document protocol requires senior-partner sign-off on every PRIVILEGED call before withholding, a client whose engagement letter specifies a stricter anti-overclaim threshold than the firm default, a client whose subject-matter-waiver scope has been narrowed by a prior order in the matter, or a client whose in-house counsel must be included in the Kovel-agent register for matters in a particular practice area

If a key is absent from config.yml, fall back to the defaults named in this skill and surface the absence in the Driver Evidence block so the firm administrator can set the key. The skill never relaxes a non-overridable rule based on a missing config value.

Cross-References

• skills/operations/discovery-response-drafter.md — the production-side counterpart; the discovery-response-drafter handles the response-and-objections pass and routes withheld documents to this skill for the privilege log itself
• skills/admin/document-intake-extractor.md — upstream when client-supplied documents must be triaged for metadata before they enter the privilege-review queue
• skills/operations/pre-filing-independent-review.md — the institutional checkpoint for any privilege log accompanying a Tier 3 filing (motion for protective order, motion to compel response, motion to quash); the independent reviewer audits the chain-of-custody for AI-classifier output before the log is served
• knowledge-base/best-practices/ai-privilege-and-work-product.md — applied before any AI-assisted privilege call, especially for AI-generated drafts (prompt history and output from a consumer AI tool are presumptively discoverable in some districts post-Heppner)
• knowledge-base/best-practices/ai-governance-legal.md — Tier 3 AI use applies to privilege review (the underlying document set is by definition confidential and frequently privilege-adjacent)

Example Output

[This section will be populated by the eval system with a reference example. For now, run the skill with a sample document and matter context to see output quality.]