Use when the user asks to "plan risk responses", "create mitigation strategies", "define risk treatments", "design contingency plans", "assign risk owners", or mentions risk mitigation, risk transfer, risk avoidance, risk acceptance, response strategies, trigger-response mapping.
From pmnpx claudepluginhub javimontano/mao-pm-apexThis skill is limited to using the following tools:
evals/evals.jsonexamples/README.mdexamples/sample-output.mdprompts/metaprompts.mdprompts/use-case-prompts.mdreferences/body-of-knowledge.mdreferences/knowledge-graph.mmdreferences/state-of-the-art.mdSearches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.
Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.
Reviews Flutter/Dart code with library-agnostic checklist for widget best practices, state management patterns, Dart idioms, performance, accessibility, security, and clean architecture.
TL;DR: Develops specific response strategies for each identified risk: avoid, transfer, mitigate, or accept for threats; exploit, share, enhance, or accept for opportunities. Each response includes action plans, trigger conditions, responsible owners, and cost/schedule impact. Updates the project plan with risk-related activities.
Identificar un riesgo sin planificar una respuesta es como diagnosticar una enfermedad sin prescribir tratamiento. La respuesta debe ser proporcional al riesgo: no gastar más en mitigación que el impacto esperado. Las mejores respuestas eliminan la causa raíz; las segundas mejores reducen la probabilidad o el impacto.
# Full response planning for all prioritized risks
/pm:risk-response-planning $ARGUMENTS="--risk-register risks.md --budget budget.md"
# Response planning for top 10 risks only
/pm:risk-response-planning --type top-n --count 10
# Update responses after quantification
/pm:risk-response-planning --type update --quantification quant-report.md
Parameters:
| Parameter | Required | Description |
|---|---|---|
$ARGUMENTS | Yes | Path to risk register and budget baseline |
--type | No | full (default), top-n, update, opportunities |
--count | No | Number of top risks to address (default all prioritized) |
--appetite | No | Path to risk appetite framework |
{TIPO_PROYECTO} variants:
risk-register)risk-quantification)risk-appetite-framework)Good example — Proportional risk responses:
| Attribute | Value |
|---|---|
| Risks with responses | 15 risks with strategy assigned |
| Strategies | 3 mitigate, 2 avoid, 2 transfer, 5 accept, 3 contingency |
| Trigger conditions | All 15 have measurable trigger conditions |
| Cost-benefit | Every mitigation cost < 50% of expected impact |
| Secondary risks | 2 secondary risks identified from responses |
| Residual risk | Documented for all 15 risks |
Bad example — Generic responses: "Monitor the risk" for every entry. Monitoring is not a response — it is observation. Without specific actions, trigger conditions, and responsible owners, risk responses exist only on paper and will not activate when needed.
03_risk_responses_{proyecto}_{WIP}.md — Risk response plan| Resource | When to read | Location |
|---|---|---|
| Body of Knowledge | Before starting to understand standards and frameworks | references/body-of-knowledge.md |
| State of the Art | When benchmarking against industry trends | references/state-of-the-art.md |
| Knowledge Graph | To understand skill dependencies and data flow | references/knowledge-graph.mmd |
| Use Case Prompts | For specific scenarios and prompt templates | prompts/use-case-prompts.md |
| Metaprompts | To enhance output quality and reduce bias | prompts/metaprompts.md |
| Sample Output | Reference for deliverable format and structure | examples/sample-output.md |
The Contingency Trigger Definer Agent establishes precise, observable trigger conditions that activate contingency and fallback plans when primary risk responses prove insufficient. It specifies leading indicators (early-warning signals), quantitative threshold values, monitoring frequency and responsible monitors, escalation chains, and automatic activation rules — eliminating ambiguity so that the project team knows exactly when to shift from the primary response to the contingency plan without waiting for subjective judgment calls.
## Contingency Trigger Specification — {Risk ID}: {Risk Title}
### Trigger Summary
- Primary response: {strategy description}
- Number of trigger conditions defined: {N}
- Monitoring cadence: {frequency}
- Auto-activation: {yes/no}
### Trigger Cards
#### Trigger T-{nn}: {Indicator Name}
- **Leading indicator**: {description}
- **Data source**: {system, report, or manual observation}
- **Measurement method**: {how it is measured}
- **Threshold**: {operator} {value} {unit} (e.g., > 15% defect rate)
- **Confidence**: {high|medium|low} — based on {source}
- **Monitoring frequency**: {daily|weekly|per-sprint|per-milestone}
- **Responsible monitor**: {name, role}
### Activation Rules
| Rule ID | Condition | Action | Time Window |
|---------|-----------|--------|-------------|
| AR-01 | IF T-01 > threshold | Alert risk owner | Within 4 hrs |
| AR-02 | IF T-01 > threshold AND T-02 trend upward x2 periods | Activate contingency plan CP-{nn} | Within 24 hrs |
| AR-03 | IF contingency ineffective after {N} days | Escalate to sponsor + activate fallback | Within 48 hrs |
### Escalation Matrix
| Level | Triggered When | Notified | Authority | Response Window |
|-------|---------------|----------|-----------|-----------------|
| L1 | Single trigger breached | Risk Owner | Adjust within plan | 24 hrs |
| L2 | Compound trigger activated | PM + Sponsor | Approve contingency budget | 48 hrs |
| L3 | Contingency plan fails | Steering Committee | Scope/schedule change authority | 72 hrs |
### Decision Tree
{Mermaid flowchart from normal monitoring → trigger detection → activation → escalation}
The Mitigation Plan Designer Agent translates high-level mitigation strategies into executable action plans with granular tasks, named owners, firm deadlines, quantified resource requirements, and measurable success criteria. Each plan is structured to reduce either the probability or impact of the risk (or both) to an acceptable residual level, and includes dependencies, prerequisites, and integration points with the project schedule to prevent mitigation activities from becoming schedule risks themselves.
## Mitigation Action Plan — {Risk ID}: {Risk Title}
### Executive Summary
- Target: Reduce {probability|impact|both} from {current} to {target}
- Timeline: {start} to {end}
- Budget: ${allocated}
- Owner: {name, role}
### Task Register
| # | Task | Owner | Start | Deadline | Effort (hrs) | Budget | Dependency | Success Criterion |
|---|------|-------|-------|----------|-------------|--------|------------|-------------------|
| 1 | ... | ... | ... | ... | ... | ... | ... | ... |
### RACI Matrix
| Task | Responsible | Accountable | Consulted | Informed |
|------|------------|-------------|-----------|----------|
| ... | ... | ... | ... | ... |
### Resource Budget
- Personnel: {hours} hrs @ ${rate} = ${total}
- Tools/licenses: ${amount}
- Third-party services: ${amount}
- **Total: ${amount} of ${allocated} allocated**
### Schedule Integration
- Critical path impact: {none|{detail}}
- Parallel execution opportunities: {list}
- Milestone alignment: {list}
### Success Criteria Checklist
- [ ] {Criterion 1 — observable, measurable}
- [ ] {Criterion 2}
- [ ] Overall: Residual risk score <= {target threshold}
The Residual Risk Assessor Agent performs post-response risk reassessment to determine whether planned response strategies reduce risk exposure to levels within the organization's defined tolerance. It recalculates probability and impact after accounting for the planned response, identifies secondary risks introduced by the response itself (e.g., a vendor transfer creating a new dependency risk), quantifies the gap between residual exposure and the tolerance threshold, and recommends corrective action when residual risk exceeds acceptable levels — closing the feedback loop in the risk response planning cycle.
## Residual Risk Assessment Report
### Executive Summary
- Risks reassessed: {N}
- Within tolerance after response: {n} ({%})
- Above tolerance — corrective action needed: {n} ({%})
- Secondary risks identified: {n}
- Net EMV reduction: ${original_total} -> ${residual_total} ({%} reduction)
### Pre/Post Comparison
| Risk ID | Title | Pre-Prob | Pre-Impact | Pre-EMV | Strategy | Post-Prob | Post-Impact | Residual EMV | Status |
|---------|-------|----------|-----------|---------|----------|-----------|-------------|-------------|--------|
| R-001 | ... | ... | ... | ... | ... | ... | ... | ... | WITHIN / ABOVE |
### Secondary Risk Register
| Sec-Risk ID | Source Risk | Secondary Risk Description | Probability | Impact | EMV | Response Needed |
|-------------|-----------|---------------------------|-------------|--------|-----|-----------------|
| SR-001 | R-003 | ... | ... | ... | ... | Yes/No |
### Tolerance Compliance Matrix
| Risk ID | Residual Score | Tolerance Threshold | Gap | Compliant |
|---------|---------------|--------------------|----|-----------|
| R-001 | ... | ... | ...| YES / NO |
### Corrective Action Recommendations
| Risk ID | Issue | Recommended Action | Est. Cost | Expected Residual After Correction |
|---------|-------|--------------------|-----------|-----------------------------------|
| R-005 | Residual EMV exceeds tolerance by 20% | Add secondary mitigation: {detail} | ${amount} | {score} — WITHIN tolerance |
### Approval Required
- Risks requiring formal risk acceptance by sponsor: {list}
- Management reserve adjustment needed: {yes/no — amount}
The Strategy Selector Agent evaluates each identified risk against the organization's risk appetite, available budget, timeline constraints, and stakeholder priorities to recommend the most cost-effective response strategy from the five canonical options: avoid, transfer, mitigate, accept, or escalate. It produces a defensible rationale for every selection, ensuring alignment between the chosen strategy and the project's risk tolerance thresholds defined in the Risk Management Plan.
## Risk Response Strategy Selection Report
### Summary
- Total risks assessed: {N}
- Strategy distribution: Avoid ({n}), Transfer ({n}), Mitigate ({n}), Accept ({n}), Escalate ({n})
- Total response budget required: ${amount}
- Risks requiring sponsor escalation: {n}
### Per-Risk Strategy Assignment
| Risk ID | Risk Title | Score | Strategy | Rationale | Est. Cost | EMV Reduction |
|---------|-----------|-------|----------|-----------|-----------|---------------|
| R-001 | ... | ... | ... | ... | ... | ... |
### Rejected Alternatives Log
- **R-001**: Transfer rejected — insurance premium exceeds mitigation cost by 40%
- ...
### Budget Alignment
- Management reserve available: ${amount}
- Total strategy cost: ${amount}
- Remaining reserve: ${amount}
- Status: WITHIN TOLERANCE / OVER BUDGET — escalation required