name: risk-triage-skill
description: Assign task risk tier and change type with explicit rationale.
owner_agent: orchestrator
secondary_agents:
- change-verifier
- compliance-verifier
default_model_tier: A
allowed_risk_tiers:
- L1
- L2
- L3
- L4
required_inputs:
- task_id
- task_title
- acceptance_criteria
- touched_files
- constraints
required_outputs:
- change_type
- risk_tier
- rationale
- required_specialist_classes
version: 1.0.0
Risk Triage Skill
Intent
Classify the task consistently so routing, verification, and budgeting are proportional to risk.
When to invoke
- L2+ work, and L1 when impact scope is unclear.
- Use before assigning tier; align output with risk-tiering.mdc and main-orchestration.mdc.
When not to invoke
- L1 micro, local, obvious non-behavioral edits (e.g. typo-only docs).
Inputs required
- task_id, task_title
- acceptance_criteria[]
- touched_files[] or expected scope
- constraints and compliance/security notes
Procedure
- Determine primary change type: ui/api/security/data/domain/docs/infra/mixed.
- Evaluate potential impact:
  - data integrity or migration risk
  - auth/authz/secrets/session risk
  - domain-financial or compliance risk
  - user-facing regression risk
- Assign tier L1-L4.
- Apply highest-tier-wins if multiple concerns exist.
- Output required specialist classes for this tier.
Output contract
- summary
- change_type
- risk_tier
- assumptions[]
- rationale
- required_specialist_classes[]
- residual_risk
- confidence
Quality checklist
- Tier assignment is justified by concrete risk factors.
- Highest-tier-wins rule applied where relevant.
- Specialist classes are explicit.
Anti-patterns
- Picking low tier to reduce process overhead.
- Tier assignment without rationale.
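The procedure and quality checklist above can be enforced mechanically. The following is an added example, not part of the skill itself: it applies highest-tier-wins over per-concern findings and refuses to emit a tier without a concrete risk factor or explicit specialist classes. The `Finding` structure, the `triage` function, the "mixed" rule, and the specialist names are assumptions; the tier-to-specialist mapping is supplied by the caller because this page does not define it.

```python
from dataclasses import dataclass

TIERS = ("L1", "L2", "L3", "L4")  # allowed_risk_tiers, lowest to highest
CHANGE_TYPES = {"ui", "api", "security", "data", "domain", "docs", "infra"}

@dataclass(frozen=True)
class Finding:
    """One evaluated concern (hypothetical structure for this example)."""
    change_type: str  # one of CHANGE_TYPES
    tier: str         # tier this concern alone would justify
    risk_factor: str  # concrete reason, carried into the rationale

def triage(task_id, findings, specialists_by_tier):
    """Apply highest-tier-wins and return the skill's required outputs.

    specialists_by_tier is caller-supplied: the tier-to-specialist mapping
    is not defined on this page.
    """
    if not findings:
        raise ValueError(f"{task_id}: no findings, tier cannot be justified")
    for f in findings:
        if f.tier not in TIERS or f.change_type not in CHANGE_TYPES:
            raise ValueError(f"{task_id}: invalid finding {f}")
        if not f.risk_factor.strip():
            raise ValueError(f"{task_id}: tier assignment without rationale")
    # Highest-tier-wins: the most severe concern sets the task tier.
    risk_tier = max((f.tier for f in findings), key=TIERS.index)
    classes = specialists_by_tier.get(risk_tier)
    if not classes:
        raise ValueError(f"{task_id}: no specialist classes for {risk_tier}")
    types = {f.change_type for f in findings}
    return {
        # Assumption: findings spanning several types are reported as "mixed".
        "change_type": next(iter(types)) if len(types) == 1 else "mixed",
        "risk_tier": risk_tier,
        "rationale": "; ".join(
            f"{f.tier} {f.change_type}: {f.risk_factor}" for f in findings),
        "required_specialist_classes": sorted(classes),
    }

if __name__ == "__main__":
    # Constructed sample task and hypothetical specialist names.
    sample = [
        Finding("docs", "L1", "README wording only"),
        Finding("security", "L3", "changes session token validation"),
    ]
    print(triage("TASK-0001", sample, {"L3": ["security-specialist"]}))
```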
Model guidance
- Default Tier A.
- Escalate to Tier B if scope ambiguity remains high.
Telemetry tags
- skill_name=risk-triage-skill
- skill_mode=standard
- skill_outcome=pass|warn|fail