qe-risk-based-testing
Focus testing effort on highest-risk areas using risk assessment and prioritization. Use when planning test strategy, allocating testing resources, or making coverage decisions.
Best use case
qe-risk-based-testing is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Focus testing effort on highest-risk areas using risk assessment and prioritization. Use when planning test strategy, allocating testing resources, or making coverage decisions.
Teams using qe-risk-based-testing should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/qe-risk-based-testing/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How qe-risk-based-testing Compares
| Feature / Agent | qe-risk-based-testing | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Focus testing effort on highest-risk areas using risk assessment and prioritization. Use when planning test strategy, allocating testing resources, or making coverage decisions.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
SKILL.md Source
# Risk-Based Testing
<default_to_action>
When planning tests or allocating testing resources:
1. IDENTIFY risks: What can go wrong? What's the impact? What's the likelihood?
2. CALCULATE risk: Risk = Probability × Impact (use 1-5 scale for each)
3. PRIORITIZE: Critical (20+) → High (12-19) → Medium (6-11) → Low (1-5)
4. ALLOCATE effort: 60% critical, 25% high, 10% medium, 5% low
5. REASSESS continuously: New info, changes, production incidents
**Quick Risk Assessment:**
- Probability factors: Complexity, change frequency, developer experience, technical debt
- Impact factors: User count, revenue, safety, reputation, regulatory
- Dynamic adjustment: Production bugs increase risk; stable code decreases
**Critical Success Factors:**
- Test where bugs hurt most, not everywhere equally
- Risk is dynamic - reassess with new information
- Production data informs risk (shift-right feeds shift-left)
</default_to_action>
## Quick Reference Card
### When to Use
- Planning sprint/release test strategy
- Deciding what to automate first
- Allocating limited testing time
- Justifying test coverage decisions
### Risk Calculation
```
Risk Score = Probability (1-5) × Impact (1-5)
```
| Score | Priority | Effort | Action |
|-------|----------|--------|--------|
| 20-25 | Critical | 60% | Comprehensive testing, multiple techniques |
| 12-19 | High | 25% | Thorough testing, automation priority |
| 6-11 | Medium | 10% | Standard testing, basic automation |
| 1-5 | Low | 5% | Smoke test, exploratory only |
### Probability Factors
| Factor | Low (1) | Medium (3) | High (5) |
|--------|---------|------------|----------|
| Complexity | Simple CRUD | Business logic | Algorithms, integrations |
| Change Rate | Stable 6+ months | Monthly changes | Weekly/daily changes |
| Developer Experience | Senior, domain expert | Mid-level | Junior, new to codebase |
| Technical Debt | Clean code | Some debt | Legacy, no tests |
### Impact Factors
| Factor | Low (1) | Medium (3) | High (5) |
|--------|---------|------------|----------|
| Users Affected | Admin only | Department | All users |
| Revenue | None | Indirect | Direct (checkout) |
| Safety | Convenience | Data loss | Physical harm |
| Reputation | Internal | Industry | Public scandal |
---
## Risk Assessment Workflow
### Step 1: List Features/Components
```
Feature | Probability | Impact | Risk | Priority
--------|-------------|--------|------|----------
Checkout | 4 | 5 | 20 | Critical
User Auth | 3 | 5 | 15 | High
Admin Panel | 2 | 2 | 4 | Low
Search | 3 | 3 | 9 | Medium
```
### Step 2: Apply Test Depth
```typescript
await Task("Risk-Based Test Generation", {
critical: {
features: ['checkout', 'payment'],
depth: 'comprehensive',
techniques: ['unit', 'integration', 'e2e', 'performance', 'security']
},
high: {
features: ['auth', 'user-profile'],
depth: 'thorough',
techniques: ['unit', 'integration', 'e2e']
},
medium: {
features: ['search', 'notifications'],
depth: 'standard',
techniques: ['unit', 'integration']
},
low: {
features: ['admin-panel', 'settings'],
depth: 'smoke',
techniques: ['smoke-tests']
}
}, "qe-test-generator");
```
### Step 3: Reassess Dynamically
```typescript
// Production incident increases risk
await Task("Update Risk Score", {
feature: 'search',
event: 'production-incident',
previousRisk: 9,
newProbability: 5, // Increased due to incident
newRisk: 15 // Now HIGH priority
}, "qe-regression-risk-analyzer");
```
---
## ML-Enhanced Risk Analysis
```typescript
// Agent predicts risk using historical data
const riskAnalysis = await Task("ML Risk Analysis", {
codeChanges: changedFiles,
historicalBugs: bugDatabase,
prediction: {
model: 'gradient-boosting',
factors: ['complexity', 'change-frequency', 'author-experience', 'file-age']
}
}, "qe-regression-risk-analyzer");
// Output: 95% accuracy risk prediction per file
```
---
## Agent Coordination Hints
### Memory Namespace
```
aqe/risk-based/
├── risk-scores/* - Current risk assessments
├── historical-bugs/* - Bug patterns by area
├── production-data/* - Incident data for risk
└── coverage-map/* - Test depth by risk level
```
### Fleet Coordination
```typescript
const riskFleet = await FleetManager.coordinate({
strategy: 'risk-based-testing',
agents: [
'qe-regression-risk-analyzer', // Risk scoring
'qe-test-generator', // Risk-appropriate tests
'qe-production-intelligence', // Production feedback
'qe-quality-gate' // Risk-based gates
],
topology: 'sequential'
});
```
---
## Integration with CI/CD
```yaml
# Risk-based test selection in pipeline
- name: Risk Analysis
run: aqe risk-analyze --changes ${{ github.event.pull_request.files }}
- name: Run Critical Tests
if: risk.critical > 0
run: npm run test:critical
- name: Run High Tests
if: risk.high > 0
run: npm run test:high
- name: Skip Low Risk
if: risk.low_only
run: npm run test:smoke
```
---
## Related Skills
- [agentic-quality-engineering](../agentic-quality-engineering/) - Risk-aware agents
- [context-driven-testing](../context-driven-testing/) - Context affects risk
- [regression-testing](../regression-testing/) - Risk-based regression selection
- [shift-right-testing](../shift-right-testing/) - Production informs risk
---
## Remember
**Risk = Probability × Impact.** Test where bugs hurt most. Critical gets 60%, low gets 5%. Risk is dynamic - reassess with new info. Production incidents raise risk scores.
**With Agents:** Agents calculate risk using ML on historical data, select risk-appropriate tests, and adjust scores from production feedback. Use agents to maintain dynamic risk profiles at scale.Related Skills
qe-visual-testing-advanced
Advanced visual regression testing with pixel-perfect comparison, AI-powered diff analysis, responsive design validation, and cross-browser visual consistency. Use when detecting UI regressions, validating designs, or ensuring visual consistency.
qe-shift-right-testing
Testing in production with feature flags, canary deployments, synthetic monitoring, and chaos engineering. Use when implementing production observability or progressive delivery.
qe-shift-left-testing
Move testing activities earlier in the development lifecycle to catch defects when they're cheapest to fix. Use when implementing TDD, CI/CD, or early quality practices.
qe-security-visual-testing
Security-first visual testing combining URL validation, PII detection, and visual regression with parallel viewport support. Use when testing web applications that handle sensitive data, need visual regression coverage, or require WCAG accessibility compliance.
qe-security-testing
Test for security vulnerabilities using OWASP principles. Use when conducting security audits, testing auth, or implementing security practices.
qe-regression-testing
Strategic regression testing with test selection, impact analysis, and continuous regression management. Use when verifying fixes don't break existing functionality, planning regression suites, or optimizing test execution for faster feedback.
qe-performance-testing
Test application performance, scalability, and resilience. Use when planning load testing, stress testing, or optimizing system performance.
qe-observability-testing-patterns
Observability and monitoring validation patterns for dashboards, alerting, log aggregation, APM traces, and SLA/SLO verification. Use when testing monitoring infrastructure, dashboard accuracy, alert rules, or metric pipelines.
qe-n8n-workflow-testing-fundamentals
Comprehensive n8n workflow testing including execution lifecycle, node connection patterns, data flow validation, and error handling strategies. Use when testing n8n workflow automation applications.
qe-n8n-trigger-testing-strategies
Webhook testing, schedule validation, event-driven triggers, and polling mechanism testing for n8n workflows. Use when testing how workflows are triggered.
qe-n8n-security-testing
Credential exposure detection, OAuth flow validation, API key management testing, and data sanitization verification for n8n workflows. Use when validating n8n workflow security.
qe-n8n-integration-testing-patterns
API contract testing, authentication flows, rate limit handling, and error scenario coverage for n8n integrations with external services. Use when testing n8n node integrations.