Best use case
openup-create-risk-list is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Create or update risk assessment document from template
Teams using openup-create-risk-list should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/openup-create-risk-list/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How openup-create-risk-list Compares
| Feature / Agent | openup-create-risk-list | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Create or update risk assessment document from template
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Create Risk List This skill creates or updates a risk list document from the OpenUP template. ## When to Use Use this skill when: - Starting a new project and need to identify risks - In Inception phase documenting major risks - New risks emerge during project - Need to update risk probability or impact - Planning risk mitigation strategies ## When NOT to Use Do NOT use this skill when: - Risk list exists and only minor updates needed (edit directly) - Looking for issue tracking (use issue tracker) - Risks have been realized and are now issues (manage as issues) - Need detailed risk analysis (use risk management process) ## Success Criteria After using this skill, verify: - [ ] Risk list exists at `docs/risk-list.md` - [ ] Risks are documented with descriptions - [ ] Probability and impact are assessed - [ ] Mitigation strategies are defined - [ ] Risk owners are assigned ## Process ### Load Project Config (context + rules — do this first) Before drafting, layer in project-owned context and rules so the artifact reflects facts and standards the framework can't infer. Full mechanism + precedence: `docs-eng-process/project-config.md`. 1. If `docs/project-config.yaml` exists, read it. If it is **absent, skip this step** — framework defaults apply unchanged. 2. Inject `context:` into your working prompt wrapped in `<project-context>…</project-context>`, and `rules.<TYPE>` (if present) wrapped in `<project-rules>…</project-rules>`. For this skill `<TYPE>` is **`risk-list`**. 3. Project rules are **additive** to the framework rubric — precedence is **framework rubric → project rules → task-spec safeguards**. A project rule may add a criterion but may **not** waive a framework rubric criterion or a safeguard. 4. Before marking this artifact complete, confirm every injected `<project-rules>` item is satisfied alongside the framework rubric. ### 1. Check for Existing Risk List Check if `docs/risk-list.md` exists: - If yes, update it - If no, create from template ### 2. Copy Template (if new) If creating new, copy `docs-eng-process/templates/risk-list.md` to `docs/risk-list.md` ### 3. Read Project Context Read `docs/project-status.md`, `docs/vision.md` to identify potential risks. ### 4. Fill in Risk List Update with: - **Project name** and context - **Risks**: From `$ARGUMENTS[risks]` or identify from project context For each risk, document: - Risk description - Probability (high/medium/low) - Impact (high/medium/low) - Mitigation strategy - Owner/responsible party ### 5. Validate Completeness Ensure the risk list includes: - Clear risk descriptions - Probability and impact assessments - Mitigation strategies - Risk owners ## Output Returns: - Path to risk list - Number of risks documented - High-priority risks summary ## Common Errors | Error | Cause | Solution | |-------|-------|----------| | Template not found | Template path incorrect | Verify `docs-eng-process/templates/risk-list.md` exists | | No risks identified | Project context insufficient | Review vision and requirements for potential risks | | Missing mitigation | Risks documented without mitigation | Add mitigation strategy for each risk | ## References - Risk List Template: `docs-eng-process/templates/risk-list.md` - Risk Management: `docs-eng-process/openup-knowledge-base/practice-management/risk_val_lifecycle/` - Project Manager Role: `docs-eng-process/openup-knowledge-base/core/role/roles/project-manager-4.md` ## See Also - [openup-inception](../../openup-phases/inception/SKILL.md) - Inception phase risk identification - [openup-create-vision](../create-vision/SKILL.md) - Vision reveals potential risks - [openup-create-architecture-notebook](../create-architecture-notebook/SKILL.md) - Technical risk assessment
Related Skills
openup-transition
Initialize and manage Transition phase activities - deploy to users
openup-tdd-workflow
Guide Test-Driven Development cycle adapted for AI agents with a pragmatic approach
openup-sync-spec
Back-propagate pure refactors to stale artifacts; classify the diff, refuse behaviour-changes, propose targeted edits for approval (read-only by default)
openup-start-iteration
Begin a new OpenUP iteration with proper phase context and task selection
openup-shared-vision
Create shared technical vision for team alignment
openup-retrospective
Generate iteration retrospective with feedback and action items
openup-request-input
Create an input request document for asynchronous stakeholder communication
openup-readiness
Compute the change-folder dependency DAG and print READY/BLOCKED/collision report for PM intake
openup-quick-task
Fast iteration mode for small changes - simplified workflow with minimal overhead
openup-plan-feature
Generate iteration plan and roadmap entry for a feature idea
openup-phase-review
Check phase completion criteria and prepare for phase review
openup-orchestrate
Run a full orchestrated iteration — PM decomposes the goal, delegates to specialist roles, collects outputs, and synthesizes results