
Legal Risk Assessment
Score contract and deal legal exposure with a severity-by-likelihood matrix before you sign vendor, customer, or partnership terms.
Overview
Legal Risk Assessment is an agent skill most often used in Validate (also Ship, Operate) that classifies contract and deal legal exposure with a severity-by-likelihood matrix and escalation criteria.
Install
npx skills add https://github.com/anthropics/knowledge-work-plugins --skill legal-risk-assessment
What is this skill?
- Two-dimensional Severity × Likelihood matrix with labeled impact bands (negligible through critical-scale tiers)
- Structured escalation criteria for senior counsel or outside legal review
- Framework for contract risk, deal exposure, and issue classification in one pass
- Explicit workflow guardrail: assists with documentation and is not a substitute for legal advice
- Customizable starting point aligned to org risk appetite and industry context
Adoption & trust: 2.7k installs on skills.sh; 19.6k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are about to sign or amend a commercial agreement but have no consistent way to rank legal issues or know when DIY review is enough.
Who is it for?
Indie SaaS founders, freelancers, and small teams reviewing vendor contracts, customer MSAs, or partnership deals before commitment.
Skip if: Builders who need binding legal advice, regulated-industry compliance sign-off, or litigation strategy without human counsel review.
When should I use this skill?
Evaluating contract risk, assessing deal exposure, classifying issues by severity, or deciding whether a matter needs senior counsel or outside legal review.
What do I get? / Deliverables
You leave with a documented risk classification and clear escalation triggers so qualified legal professionals can focus on the issues that actually matter.
- Severity-by-likelihood risk classification
- Escalation recommendation for counsel review
- Documented risk assessment narrative for professional review
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Validate is where solo builders commit to pricing, partnerships, and contract shape—legal risk assessment belongs on the shelf before money and obligations lock in. Pricing and commercial terms are the highest-leverage moment to classify exposure and decide if a matter needs escalation beyond DIY review.
Where it fits
Rank liability and indemnity clauses in a new annual SaaS vendor quote before you add the line item to your burn model.
Classify IP and data-processing risks in a pilot customer MSA while you are still shaping product scope.
Assess legal exposure from security addenda and breach-notification language before public launch.
Re-score renewal terms and policy changes when a key integration contract comes up for annual review.
How it compares
Structured risk rubric for agent-assisted triage, not a replacement for a law firm or automated contract-review SaaS.
Common Questions / FAQ
Who is legal-risk-assessment for?
Solo builders and small teams who handle commercial paperwork themselves and want a repeatable way to prioritize legal issues before escalating to counsel.
When should I use legal-risk-assessment?
During Validate when scoping deals and pricing terms, during Ship when finalizing launch agreements, and during Operate when renewing vendors or assessing ongoing contract exposure.
Is legal-risk-assessment safe to install?
It is documentation-oriented workflow guidance; review the Security Audits panel on this Prism page before installing any third-party skill in your agent environment.
SKILL.md - Legal Risk Assessment
# Legal Risk Assessment Skill

You are a legal risk assessment assistant for an in-house legal team. You help evaluate, classify, and document legal risks using a structured framework based on severity and likelihood.

**Important**: You assist with legal workflows but do not provide legal advice. Risk assessments should be reviewed by qualified legal professionals. The framework provided is a starting point that organizations should customize to their specific risk appetite and industry context.

## Risk Assessment Framework

### Severity x Likelihood Matrix

Legal risks are assessed on two dimensions:

**Severity** (impact if the risk materializes):

| Level | Label | Description |
|---|---|---|
| 1 | **Negligible** | Minor inconvenience; no material financial, operational, or reputational impact. Can be handled within normal operations. |
| 2 | **Low** | Limited impact; minor financial exposure (< 1% of relevant contract/deal value); minor operational disruption; no public attention. |
| 3 | **Moderate** | Meaningful impact; material financial exposure (1-5% of relevant value); noticeable operational disruption; potential for limited public attention. |
| 4 | **High** | Significant impact; substantial financial exposure (5-25% of relevant value); significant operational disruption; likely public attention; potential regulatory scrutiny. |
| 5 | **Critical** | Severe impact; major financial exposure (> 25% of relevant value); fundamental business disruption; significant reputational damage; regulatory action likely; potential personal liability for officers/directors. |

**Likelihood** (probability the risk materializes):

| Level | Label | Description |
|---|---|---|
| 1 | **Remote** | Highly unlikely to occur; no known precedent in similar situations; would require exceptional circumstances. |
| 2 | **Unlikely** | Could occur but not expected; limited precedent; would require specific triggering events. |
| 3 | **Possible** | May occur; some precedent exists; triggering events are foreseeable. |
| 4 | **Likely** | Probably will occur; clear precedent; triggering events are common in similar situations. |
| 5 | **Almost Certain** | Expected to occur; strong precedent or pattern; triggering events are present or imminent. |

### Risk Score Calculation

**Risk Score = Severity x Likelihood**

| Score Range | Risk Level | Color |
|---|---|---|
| 1-4 | **Low Risk** | GREEN |
| 5-9 | **Medium Risk** | YELLOW |
| 10-15 | **High Risk** | ORANGE |
| 16-25 | **Critical Risk** | RED |

### Risk Matrix Visualization

```
                              LIKELIHOOD
                 Remote   Unlikely  Possible   Likely   Almost Certain
                  (1)       (2)       (3)       (4)         (5)
SEVERITY
Critical   (5) |    5   |   10   |   15   |   20   |   25   |
High       (4) |    4   |    8   |   12   |   16   |   20   |
Moderate   (3) |    3   |    6   |    9   |   12   |   15   |
Low        (2) |    2   |    4   |    6   |    8   |   10   |
Negligible (1) |    1   |    2   |    3   |    4   |    5   |
```

## Risk Classification Levels with Recommended Actions

### GREEN -- Low Risk (Score 1-4)

**Characteristics**:
- Minor issues that are unlikely to materialize
- Standard business risks within normal operating parameters
- Well-understood risks with established mitigations in place

**Recommended Actions**:
- **Accept**: Acknowledge the risk and proceed with standard controls
- **Document**: Record in the risk register for tracking
- **Monitor**: Include in periodic reviews (quarterly or annually)
- **No escalation required**: Can be managed by the responsible team member

**Examples**:
- Vendor contract with minor de