
Risk Assessment
Run a structured risk register with likelihood–impact scoring before committing to vendors, launches, or operational changes.
Overview
risk-assessment is a journey-wide agent skill that identifies, scores, and plans mitigations for operational risks—usable whenever a solo builder needs to stress-test a project, vendor, or decision before committing.
Install
npx skills add https://github.com/anthropics/knowledge-work-plugins --skill risk-assessment
What is this skill?
- 3×3 likelihood–impact matrix mapping to Critical / High / Medium / Low risk levels
- Six risk categories: Operational, Financial, Compliance, Strategic, Reputational, Security
- Risk register fields: description, likelihood, impact, level, mitigation, owner, status
- Triggered by phrases like “what are the risks” and “risk register”
- Systematic mitigation planning rather than ad-hoc worry lists
- 3×3 risk assessment matrix
- 6 documented risk categories
Adoption & trust: 1.7k installs on skills.sh; 19.6k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are about to commit budget, compliance exposure, or reputation but only have a vague sense of what could go wrong and no shared register.
Who is it for?
Founders evaluating vendors, launches, or process changes who want a repeatable risk register without hiring a GRC team.
Skip if: you need deep technical pentest findings, you need only formal SOC2 control mapping, or the risks are already documented in an approved enterprise register that you must not duplicate.
When should I use this skill?
The user says “what are the risks”, “risk assessment”, “risk register”, or “what could go wrong”, or is evaluating risks for a project, vendor, process, or decision.
What do I get? / Deliverables
You leave with a categorized risk register, matrix-rated levels, mitigations, owners, and open/mitigated/accepted/closed status fields ready to act on.
- Risk register with likelihood and impact ratings
- Mitigation and owner assignments
- Status-tracked risk list (Open / Mitigated / Accepted / Closed)
Journey fit
Useful at every journey phase - explore requirements and options before committing to a direction.
Where it fits
Score strategic and financial risks before expanding MVP scope to a second platform.
Catalog reputational and operational risks the day before a public release or pricing change.
Refresh the register after an outage pattern or third-party API dependency change.
Assess customer-impact and compliance risks when adding automated billing or data retention policies.
How it compares
Use instead of unstructured “what if” brainstorming when you need likelihood, impact, owners, and mitigation columns in one pass.
Common Questions / FAQ
Who is risk-assessment for?
Solo builders and indie operators who need a lightweight operational risk framework for projects, vendors, and business decisions without a dedicated risk team.
When should I use risk-assessment?
Use it in Validate when scoping a bet; in Ship before a major launch; in Operate when reviewing outages or vendor changes; and in Grow when distribution or support changes add reputational exposure—whenever you ask what could go wrong or need a risk register.
Is risk-assessment safe to install?
It is procedural documentation with no implied shell or network access; review the Security Audits panel on this page before installing any skill from the repo.
SKILL.md
# Risk Assessment

Systematically identify, assess, and plan mitigations for operational risks.

## Risk Assessment Matrix

| | Low Impact | Medium Impact | High Impact |
|---|-----------|---------------|-------------|
| **High Likelihood** | Medium | High | Critical |
| **Medium Likelihood** | Low | Medium | High |
| **Low Likelihood** | Low | Low | Medium |

## Risk Categories

- **Operational**: Process failures, staffing gaps, system outages
- **Financial**: Budget overruns, vendor cost increases, revenue impact
- **Compliance**: Regulatory violations, audit findings, policy breaches
- **Strategic**: Market changes, competitive threats, technology shifts
- **Reputational**: Customer impact, public perception, partner relationships
- **Security**: Data breaches, access control failures, third-party vulnerabilities

## Risk Register Format

For each risk, document:

- **Description**: What could happen
- **Likelihood**: High / Medium / Low
- **Impact**: High / Medium / Low
- **Risk Level**: Critical / High / Medium / Low
- **Mitigation**: What we're doing to reduce likelihood or impact
- **Owner**: Who is responsible for managing this risk
- **Status**: Open / Mitigated / Accepted / Closed

## Output

Produce a prioritized risk register with specific, actionable mitigations. Focus on risks that are controllable and material.