---
name: box-legal-workflows-ma
description: Build and manage M&A Virtual Data Rooms with Box MCP — create secure folder structures with numbered prefixes for due diligence, assign role-based access to…
---

# box-legal-workflows-ma

Build and manage M&A Virtual Data Rooms with Box MCP — create secure folder structures with numbered prefixes for due diligence, assign role-based access to…

# box-legal-workflows-maby box
Build and manage M&A Virtual Data Rooms with Box MCP — create secure folder structures with numbered prefixes for due diligence, assign role-based access to…

`npx skills add https://github.com/box/box-for-ai --skill box-legal-workflows-ma`Download ZIPGitHub

## M&A Deal Room Management

PREREQUISITES:

* Read `box:box` for Box MCP auth, tool selection, base workflows. If missing, run: `npx skills add https://github.com/box/box-for-ai --skill box`

* Read `box-legal-workflows` for risk frameworks, confidentiality, human-in-the-loop requirements, Box AI governance. If missing, ensure it's installed from the same skill package.

M&A Virtual Data Rooms require strict access controls, organized folder structures, and audit trails. This skill guides deal room creation, role-based permissions, and Box AI due diligence.

Core principles: Need-to-know access, audit readiness, compartmentalization, validation before sharing.

## Permission Architecture

### Internal Roles

RoleAccess LevelScopeDeal Lead / M&A TeamEditor or Co-OwnerRoot folderFinance TeamViewerFinancial Statements folder onlyLegal TeamEditorLegal Documents folder onlyExecutive StakeholdersViewerRoot folder (read-only overview)

### External Roles

[CONFIRM WITH USER: External permissions]
Before granting external access, confirm:

* Permission level? (Upload-Only, Viewer, Editor)

* Which folders? (entire deal room or specific folders)

* Expiration date?

* Shared link or direct collaboration?

Common patterns:

* External Counsel: Uploader on "External Counsel" folder (can upload, can't see others' files)

* Auditors: Viewer on Financial Statements folder only

* Prospective Buyer: Viewer on curated subset (not full deal room)

Always confirm before:

* Granting Editor/Co-Owner to external parties

* Creating Open shared links

* Granting root folder access outside core team

## Standard Folder Structure

[CONFIRM: Folder structure]
Before creating, confirm:

* Organization has standard M&A template?

* Additional categories? (Environmental, Insurance)

* Folders to omit?

Standard structure:

```
`[Deal Name] M&A Deal Room/
├── 01 - Financial Statements/
│ ├── Annual Reports/
│ ├── Quarterly Reports/
│ ├── Audited Financials/
│ └── Tax Returns/
├── 02 - Legal Documents/
│ ├── Corporate Documents/
│ ├── Material Contracts/
│ ├── Litigation/
│ └── Regulatory Filings/
├── 03 - HR & Employment/
├── 04 - Intellectual Property/
├── 05 - Commercial Contracts/
├── 06 - Real Estate & Assets/
├── 07 - IT & Cybersecurity/
└── 08 - External Submissions/
`
```

Why numbered prefixes: Consistent ordering across users, matches DD checklists, practice area alignment, segregates external submissions.

## Tool Selection

TaskPrimary ToolNotesCreate folders`create_folder`Batch create hierarchyUpload new files`upload_file`For new documentsCopy from Box`copy_file`Copy existing Box filesGrant internal access`create_collaboration`Viewer/Editor/Co-OwnerGrant external accessCONFIRM, then `create_collaboration`Always confirm firstValidate permissions`list_item_collaborations`Audit before sharingSearch documents`search_files_keyword`Find relevant docsDD Q&A`ai_qa_multi_file`Cross-document analysisExtract terms`ai_extract_structured_from_fields_enhanced`High accuracy extractionOrganize files`copy_file`Copy submissions to categories

## Implementation Workflow

### Phase 1: Deal Room Setup

* Authenticate: `who_am_i`

* Create root: `create_folder` with deal name

* Create subfolders: [CONFIRM: Customize?] → batch create

* Grant internal access: [CONFIRM: Emails and roles?] → `create_collaboration`

### Phase 2: Content Upload & Organization

* Upload/copy: [CONFIRM: Source?] → `upload_file` or `copy_file`

* Organize submissions: `get_file_details` → `ai_qa_single_file` (classify) → `copy_file` (copy to category)

### Phase 3: External Access & Sharing

* Audit permissions: `list_item_collaborations` (before external sharing)

* Grant external access: [CONFIRM: Who, folders, permission, expiration?] → `create_collaboration` or `add_folder_shared_link`

* Verify: `list_item_collaborations` (confirm correct)

### Phase 4: Due Diligence & Analysis

* Answer DD questions: `search_files_keyword` → `ai_qa_multi_file` → surface citations

* Extract terms: [CONFIRM: Fields?] → `ai_extract_structured_from_fields_enhanced`

* Write metadata: [CONFIRM: Template?] → `set_file_metadata`

## Guardrails

See box-legal-workflows for: Human-in-the-loop requirements, confidentiality, Box AI governance.

M&A-specific:

ALWAYS confirm before:

* External access grants (any external party)

* Creating shared links (especially Open)

* Creating initial folder structure (default template vs. custom)

* Copying files to externally-accessible folders (if file was NOT already externally accessible)

CONFIRM if uncertain:
5. Risk assessment decisions (if factors are ambiguous)
6. Metadata field selection (if unclear which fields are needed)
7. File categorization (if document type is unclear)

Proceed autonomously when confident:

* Copying/organizing files between internal folders (internal-only to internal-only, or external to external)

* Writing metadata when extraction is clear

* Categorizing documents by type when obvious

* Extracting terms from financial or legal documents with high confidence

* Creating due diligence summary reports

Default behaviors:

* Default to Viewer for external parties

* Prefer folder-specific over root access

* Validate with `list_item_collaborations` before external links

* Pace Box AI calls 1-2 seconds apart

* Surface citations from Box AI

## Example Workflows

### Example 1: Create Deal Room + Internal Access

Request: "Create M&A deal room for Project Thunder, give Sarah editor access, John viewer access."

Flow:

* `who_am_i`

* [CONFIRM]: "Standard M&A structure? Customize?"

* `create_folder` (root + all subfolders)

* [CONFIRM]: "Grant Sarah Editor, John Viewer on root?"

* `create_collaboration` (both)

* `list_item_collaborations` (verify)

* Report: folder IDs, access summary

### Example 2: External Counsel Upload Access

Request: "Give external law firm upload access to Legal Documents."

Flow:

* [CONFIRM]: "Email? Upload-Only or Editor? Expiration? Which folder?"

* `list_item_collaborations` (audit current)

* `create_collaboration` (with confirmed params)

* Verify and report

### Example 3: DD Question

Request: "What was EBITDA for last 3 years?"

Flow:

* `search_files_keyword` ("EBITDA", Financial Statements folder)

* Identify annual reports (last 3 years)

* `ai_qa_multi_file` (specific question)

* Present answer with citations

* Offer additional metrics extraction

### Example 4: Permission Audit

Request: "Check who has access before sharing with buyer's team."

Flow:

* `list_item_collaborations` (root)

* Categorize internal vs. external

* Present audit report

* [CONFIRM]: "Buyer's team access: folders? permission? expiration?"

* Wait for confirmation

## More skills from box
boxby boxBuild and troubleshoot Box integrations for uploads, folders, folder listings, downloads and previews, shared links, collaborations, search, metadata,…

---

**Source**: https://github.com/box/box-for-ai/tree/HEAD/skills/box-legal-workflows-ma
**Author**: box
**Discovered via**: mcpservers.org