platform.gitlab.pm-risk-routing

Use to choose which custom subagents should be created for a GitLab review run.

6 stars

Best use case

platform.gitlab.pm-risk-routing is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Use to choose which custom subagents should be created for a GitLab review run.

Teams using platform.gitlab.pm-risk-routing should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/pm-risk-routing/SKILL.md --create-dirs "https://raw.githubusercontent.com/contrueCT/nine1bot/main/packages/platform-gitlab/skills/review/pm-risk-routing/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/pm-risk-routing/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How platform.gitlab.pm-risk-routing Compares

Feature / Agent	platform.gitlab.pm-risk-routing	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Use to choose which custom subagents should be created for a GitLab review run.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# PM Risk Routing

Route by blast radius:

- Security subagent: auth, access control, secrets, dependency loading, command execution, network boundaries, user data, persistence, webhook verification.
- QA subagent: behavior changes, tests, migrations, release configuration, failure handling, cross-platform paths.
- Frontend subagent: UI, layout, accessibility, state, browser integration, user-facing text.
- Technical architecture subagent: shared contracts, runtime boundaries, plugin APIs, orchestration, persistence, config.
- Developer subagent: implementation patches only when the run allows code changes.

Use `failureMode: abort-run` for PM/spec gates that are required. Use `ignore` or `fallback` for optional QA/Security/Frontend subagents and report timeouts in the final comment.

Default routing should be conservative:

- Small MR with low-risk local changes: PM can review directly without subagents.
- Runtime/API/config/persistence changes: include technical architecture.
- User-facing frontend changes: include frontend.
- Behavior or test-sensitive changes: include QA.
- Auth, token, webhook, command, network, dependency, storage, or data exposure changes: include security.