name:: identify-risks
type:: atomic
license:: MIT
description:: Do NOT fabricate risks — every risk MUST reference a specific task or requirement as concrete evidence, then verify every likelihood and impact rating is justified by that evidence before proceeding. Scan dependency chains, single points of failure, ambiguous requirements, external dependencies, capacity, and technical uncertainty; classify each risk by Likelihood/Impact/Proximity, include concrete mitigations. Language-agnostic. Use when asked about risks, risk assessment, blockers, what could go wrong, or to produce a risk register for a plan, PRD, ticket set, or sprint.
metadata:: {"version":"1.0.0","user-invocable":"true"}

Identifying Project Risks

Name: igmarin/agnostic-planning-skills
Rating: 91.31 (1 reviews)
Author: igmarin

Scan plans for risks backed by concrete evidence — not speculation.

Quick Reference

Input: Task list, PRD, ticket set, or sprint plan.
Output: Risk register (description, likelihood, impact, mitigation).
Rule: Every risk cites specific evidence from the plan.

HARD-GATE

DO NOT fabricate risks. Every risk MUST reference a specific task or requirement.
DO NOT flag everything as high-risk — use the likelihood/impact matrix honestly.
DO NOT skip mitigations — every risk needs at least one concrete mitigation.

Core Process

Receive — task list, PRD, ticket set, or sprint plan.
Scan risk patterns (see Risk Patterns below) — dependency chains, external deps, ambiguity, single points of failure, capacity, technical uncertainty.
Classify — Likelihood (High/Medium/Low), Impact (High/Medium/Low), Proximity (Immediate/Near-term/Future).
Suggest mitigations — prevention, contingency, owner.
Validate — cross-check each risk against the plan:
- Remove any risk that lacks direct evidence from the source material
- Flag gaps where patterns apply but no risk was identified
- Verify likelihood/impact ratings are justified by evidence
Output — structured risk register.

Risk Patterns

Apply these six patterns when scanning the plan:

#	Pattern	Signals
1	Dependency Chain	Task B cannot start until Task A completes; A is not yet done
2	Single Point of Failure	Only one person owns a critical path item; no documented backup
3	Ambiguous Requirement	Acceptance criteria missing, TBD placeholders, or vague verbs ("improve", "enhance")
4	External Dependency	Third-party API, vendor delivery, regulatory approval, or customer sign-off required
5	Capacity / Resource	Team member over-allocated; holiday or leave overlaps delivery window
6	Technical Uncertainty	New technology, unproven integration, or no spike/prototype yet planned

Concrete Example

Sample input task: "Integrate payment gateway — assigned to Alice, go-live Friday. Vendor sandbox access not yet confirmed."

Resulting risk register row:

ID	Risk	Likelihood	Impact	Proximity	Evidence	Mitigation
R1	Payment gateway integration blocked by missing vendor sandbox access	High	High	Immediate	Task: "Vendor sandbox access not yet confirmed"	Owner: Alice escalates to vendor by EOD Monday; contingency: mock server for internal testing until access granted

Output Style

Risk Register — | ID | Risk | Likelihood | Impact | Proximity | Evidence | Mitigation |
Summary — count by severity and proximity.
Top 3 risks — detailed mitigation recommendations.
Assumptions — about team, timeline, or external factors.
English only unless user requests otherwise.

Integration

Skill	When to chain
estimate-tasks	After estimation, assess risks from high-uncertainty tasks
generate-tasks	After task breakdown, identify dependency risks
generate-status-report	Include risk updates in stakeholder status reports

.tessl-plugin

README.md

tile.json

igmarin/agnostic-planning-skills

SKILL.md.css-3qkkll{font-size:var(--chakra-font-sizes-sm);font-weight:var(--chakra-font-weights-normal);color:var(--chakra-colors-gray-300);}skills/execution/identify-risks/