Skill

risk-to-jira-transformer

Transforms natural language risk assessments into Jira API JSON tickets, extracting likelihood, impact, mitigation, priority, labels, and Definition of Done criteria. Useful for security and engineering risk tracking.

Jira

Node

Javascript

security

automation

Install

npx claudepluginhub grcengclub/claude-grc-engineering --plugin grc-engineer

Tool Access

This skill is limited to using the following tools:

BashReadGlobWriteEdit

Preview

Converts unstructured risk assessments into structured engineering tickets. Turns "Risk Management" into "Task Management."

SKILL.md

Similar Skills

ui-ux-pro-max

Provides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.

ui-ux-pro-max

57.6k

context7-mcp

Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.

context7-plugin

51.8k

market-sizing-analysis

2 files

Calculates TAM/SAM/SOM using top-down, bottom-up, and value theory methodologies for market sizing, revenue estimation, and startup validation.

startup-business-analyst

32.9k

Stats

Parent Repo Stars21

Parent Repo Forks4

Last CommitApr 13, 2026

Actions

View Source View Plugin View on GitHub View README

Risk-to-Jira Transformer

Converts unstructured risk assessments into structured engineering tickets. Turns "Risk Management" into "Task Management."

Quick Commands

Transform a risk assessment:

node scripts/transform-risk.js "Vulnerability in authentication service discovered during pen test. High likelihood, critical impact. Mitigation: Implement OAuth2 with PKCE." SEC

Transform with custom project:

node scripts/transform-risk.js "<risk description>" INFRA

Input Format

Accepts natural language risk descriptions. Automatically extracts:

Risk Description - What is the risk?
Likelihood - How likely is it to occur? (Low/Medium/High/Critical)
Impact - What is the impact? (Low/Medium/High/Critical)
Mitigation - How to address it?
Affected Systems - Which systems are impacted?

Output Format

Generates JSON formatted for Jira API:

{
  "fields": {
    "project": { "key": "SEC" },
    "summary": "Implement OAuth2 with PKCE for authentication service",
    "description": "...",
    "issuetype": { "name": "Security Task" },
    "priority": { "name": "Critical" },
    "labels": ["security", "authentication", "risk-mitigation"],
    "customfield_10001": "High",  // Likelihood
    "customfield_10002": "Critical",  // Impact
    "customfield_10003": "Implement OAuth2 with PKCE"  // Mitigation
  }
}

Jira Fields Generated

Summary - Concise risk title
Description - Full risk assessment with context
Priority - Based on Likelihood × Impact matrix
Labels - Auto-tagged with relevant categories
Issue Type - Security Task, Bug, Story, etc.
Definition of Done - Clear acceptance criteria
Custom Fields - Likelihood, Impact, Mitigation (if configured)

Risk Scoring

Automatically calculates risk score:

Critical - High/Critical Likelihood × High/Critical Impact
High - Medium Likelihood × High Impact, or High Likelihood × Medium Impact
Medium - Other combinations
Low - Low Likelihood × Low Impact

Example Inputs

"SQL injection vulnerability found in user input validation. High likelihood of exploitation, critical impact on data integrity. Mitigation: Implement parameterized queries and input sanitization."
"Missing encryption on database backups. Medium likelihood of data breach, high impact. Mitigation: Enable encryption at rest for all backup storage."
"Unauthorized access possible due to weak password policy. High likelihood, medium impact. Mitigation: Enforce strong password requirements and MFA."

Prerequisites

Risk description (natural language)
Optional: Jira project key (defaults to SEC)
Optional: Jira API credentials (for direct posting)