Agent skill

risk-assess

Uncommitted code risk assessment with breaking change detection, blast radius analysis, and scope metrics. Use when: evaluating PR risk, pre-commit risk check, large refactoring review. Not for: security vulnerabilities (use /codex-security), code correctness (use /codex-review-fast). Output: 3-dimension weighted score + risk level + gate.


Install this agent skill to your Project

npx add-skill https://github.com/sd0xdev/sd0x-dev-flow/tree/main/skills/risk-assess

SKILL.md

Risk Assessment

When NOT to Use

  • Security vulnerability detection (use /codex-security)
  • Code correctness / lint / test review (use /codex-review-fast)
  • Project-level health audit (use /project-audit)

Procedure

  1. Run bash scripts/run-skill.sh risk-assess risk-analyze.js --json to collect deterministic scores
  2. Parse the JSON output — overall_score, risk_level, dimensions, flags, gate, next_actions
  3. If risk_level = Critical (score 75-100) — highlight all breaking signals, recommend splitting PRs
  4. If risk_level = High (score 50-74) — auto-escalate to --mode deep, detail blast radius
  5. If risk_level = Medium (score 30-49) — summarize dimensions, note areas of concern
  6. If risk_level = Low (score 0-29) — brief summary, confirm safe to proceed
  7. Add qualitative interpretation beyond the scores (e.g., "high blast radius but all dependents are test files")

Script Integration

The script analyzes 3 dimensions + 2 conditional flags:

| Dimension | Weight | What It Measures |
|-----------|--------|------------------|
| breaking_surface | 45% | Removed exports, renamed APIs, changed signatures, deleted modules |
| blast_radius | 35% | Number of files importing changed modules (grep-based) |
| change_scope | 20% | File count, LOC delta, directory span, rename ratio |

| Flag | Trigger | What It Checks |
|------|---------|----------------|
| migration_safety | Migration/schema files in diff | Rollback/down file exists |
| regression_hint | (v2 stub) | Future: git history analysis |

Scoring Model

  • Overall: breaking_surface * 0.45 + blast_radius * 0.35 + change_scope * 0.20
  • Each dimension: 0-100 scale
  • Overall: 0-100 scale

Risk Levels

| Score | Level | Gate | Exit Code |
|-------|-------|------|-----------|
| 0-29 | Low | PASS | 0 |
| 30-49 | Medium | PASS | 0 |
| 50-74 | High | REVIEW | 1 |
| 75-100 | Critical | BLOCK | 2 |
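
A CI wrapper can recheck the script's JSON against the scoring model and risk-level table above and fail closed on any mismatch, instead of trusting the reported gate. This is an added example, not code from sd0x-dev-flow: `verifyReport`, the rounding, the 1-point tolerance, and the shape of `dimensions` (dimension name mapped to a 0-100 number) are assumptions; the real schema is in references/output-template.md.

```javascript
// Added example, not part of sd0x-dev-flow. Weights and bands come from this
// page; the shape of `dimensions` (name -> 0-100 number) is an assumption.
const WEIGHTS = { breaking_surface: 0.45, blast_radius: 0.35, change_scope: 0.20 };
const BANDS = [
  { max: 29, level: 'Low', gate: 'PASS', exit: 0 },
  { max: 49, level: 'Medium', gate: 'PASS', exit: 0 },
  { max: 74, level: 'High', gate: 'REVIEW', exit: 1 },
  { max: 100, level: 'Critical', gate: 'BLOCK', exit: 2 },
];
// Anything that cannot be verified is treated as the strictest outcome.
const FAIL_CLOSED = { level: 'Critical', gate: 'BLOCK', exit: 2 };

function bandFor(score) {
  return BANDS.find((b) => score <= b.max);
}

// Returns { level, gate, exit, score, problems }. A report that disagrees with
// the documented model yields BLOCK rather than its self-declared gate.
function verifyReport(jsonText) {
  const problems = [];
  let r;
  try {
    r = JSON.parse(jsonText);
  } catch (e) {
    return { ...FAIL_CLOSED, score: null, problems: ['unparseable JSON'] };
  }
  const dims = (r && typeof r.dimensions === 'object' && r.dimensions) || {};
  let score = 0;
  for (const [name, weight] of Object.entries(WEIGHTS)) {
    const v = dims[name];
    if (typeof v !== 'number' || !Number.isFinite(v) || v < 0 || v > 100) {
      problems.push(`dimension ${name} missing or outside 0-100`);
    } else {
      score += v * weight;
    }
  }
  if (problems.length === 0) {
    if (typeof r.overall_score !== 'number' || Math.abs(r.overall_score - score) > 1) {
      problems.push(`overall_score ${r.overall_score} != recomputed ${score.toFixed(2)}`);
    }
    const band = bandFor(Math.round(score)); // rounding is an assumption
    if (r.risk_level !== band.level) problems.push(`risk_level should be ${band.level}`);
    if (r.gate !== band.gate) problems.push(`gate should be ${band.gate}`);
    if (problems.length === 0) return { ...band, score, problems };
  }
  return { ...FAIL_CLOSED, score, problems };
}
```

A wrapper would pass the script's stdout to `verifyReport` and exit with the returned `exit` value, treating a non-JSON or empty stdout the same as a BLOCK.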

Script Failure Fallback

If the script fails, report the error and suggest running manually:

```bash
bash scripts/run-skill.sh risk-assess risk-analyze.js --json
```

Output Format

## Risk Assessment Report

| Field | Value |
|-------|-------|
| Score | **[N]/100** |
| Risk Level | [icon] [level] |
| Gate | [PASS/REVIEW/BLOCK] |

### Dimensions
[table of dimension scores + weights]

### Breaking Change Signals
[list of detected signals — only if any]

### Next Actions
[prioritized action items]

## Gate: [sentinel]

References

  • references/risk-dimensions.md — Signal catalog, import patterns, scoring bands (read when investigating a specific dimension)
  • references/output-template.md — JSON schema, report templates per risk level (read when customizing output)

Verification

  • Script ran successfully
  • All 3 dimensions scored
  • Qualitative interpretation added beyond raw scores
  • Next actions are actionable (include commands where applicable)
  • Gate sentinel present in output
