Skill

risk-assess

Assesses uncommitted code risk with breaking change detection, blast radius analysis, and scope metrics. Use for PR risk evaluation, pre-commit checks, large refactoring reviews.

Bash

Git

Javascript

code-quality

git-workflow

npx claudepluginhub sd0xdev/sd0x-dev-flow --plugin sd0x-dev-flow

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- Security vulnerability detection (use `/codex-security`)

Supporting Assets

references/output-template.mdreferences/risk-dimensions.mdscripts/risk-analyze.js

SKILL.md

Similar Skills

blast-radius

242

Analyzes blast radius of code changes with risk scoring using code knowledge graph or git diff/grep fallback. Shows affected nodes, untested functions, and review priorities.

pensive

differential-review

4.2k

Performs security reviews of PRs, commits, and diffs using git history for context, blast radius calculation, test coverage checks, and markdown reports.

4 files5 tools

differential-review

impact

Analyzes blast radius of code changes via GitNexus CLI: upstream/downstream callers, test coverage, and risk levels based on dependents. Use before modifying functions to assess safety.

4 tools

gitnexus-tools

Stats

Stars147

Forks20

Last CommitMar 5, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Risk Assessment

When NOT to Use

Security vulnerability detection (use /codex-security)
Code correctness / lint / test review (use /codex-review-fast)
Project-level health audit (use /project-audit)

Procedure

Run bash scripts/run-skill.sh risk-assess risk-analyze.js --json to collect deterministic scores
Parse the JSON output — overall_score, risk_level, dimensions, flags, gate, next_actions
If risk_level = Critical (score 75-100) — highlight all breaking signals, recommend splitting PRs
If risk_level = High (score 50-74) — auto-escalate to --mode deep, detail blast radius
If risk_level = Medium (score 30-49) — summarize dimensions, note areas of concern
If risk_level = Low (score 0-29) — brief summary, confirm safe to proceed
Add qualitative interpretation beyond the scores (e.g., "high blast radius but all dependents are test files")

Script Integration

The script analyzes 3 dimensions + 2 conditional flags:

Dimension	Weight	What It Measures
breaking_surface	45%	Removed exports, renamed APIs, changed signatures, deleted modules
blast_radius	35%	Number of files importing changed modules (grep-based)
change_scope	20%	File count, LOC delta, directory span, rename ratio

Flag	Trigger	What It Checks
migration_safety	Migration/schema files in diff	Rollback/down file exists
regression_hint	(v2 stub)	Future: git history analysis

Scoring Model

Overall: breaking_surface * 0.45 + blast_radius * 0.35 + change_scope * 0.20
Each dimension: 0-100 scale
Overall: 0-100 scale

Risk Levels

Score	Level	Gate	Exit Code
0-29	Low	PASS	0
30-49	Medium	PASS	0
50-74	High	REVIEW	1
75-100	Critical	BLOCK	2

Script Failure Fallback

If the script fails, report the error and suggest running manually:

bash scripts/run-skill.sh risk-assess risk-analyze.js --json

Output Format

## Risk Assessment Report

| Field | Value |
|-------|-------|
| Score | **[N]/100** |
| Risk Level | [icon] [level] |
| Gate | [PASS/REVIEW/BLOCK] |

### Dimensions
[table of dimension scores + weights]

### Breaking Change Signals
[list of detected signals — only if any]

### Next Actions
[prioritized action items]

## Gate: [sentinel]

References

references/risk-dimensions.md — Signal catalog, import patterns, scoring bands (read when investigating a specific dimension)
references/output-template.md — JSON schema, report templates per risk level (read when customizing output)

Verification

Script ran successfully
All 3 dimensions scored
Qualitative interpretation added beyond raw scores
Next actions are actionable (include commands where applicable)
Gate sentinel present in output