Deeper risk assessment for a single feature or product area when the launch review found something that needs more than a line item. Structured analysis: what could go wrong, how likely, how bad, what mitigates it. Use when user says "deep dive on this risk", "risk assessment for [feature]", "what could go wrong with", or when launch-review flags a novel issue.
复制安装指令,让 AI 自动完成配置 · 推荐新手
请帮我安装 askskill 上的 "feature-risk-assessment" 技能: 1. 下载 https://raw.githubusercontent.com/anthropics/claude-for-legal/main/product-legal/skills/feature-risk-assessment/SKILL.md 2. 保存为 ~/.claude/skills/feature-risk-assessment/SKILL.md 3. 装好后重载技能,告诉我可以用了
Matter context. Check ## Matter workspaces in the practice-level CLAUDE.md. If Enabled is ✗ (the default for in-house users), skip the rest of this paragraph — skills use practice-level context and the matter machinery is invisible. If enabled and there is no active matter, ask: "Which matter is this for? Run /product-legal:matter-workspace switch <slug> or say practice-level." Load the active matter's matter.md for matter-specific context and overrides. Write outputs to the matter folder at ~/.claude/plugins/config/claude-for-legal/product-legal/matters/<matter-slug>/. Never read another matter's files unless Cross-matter context is on.
The launch review is broad. This is deep. When a single issue needs more than a table row — a novel AI feature, a children's product, something a regulator is actively looking at — this skill produces a standalone assessment.
Not every launch needs one. Most don't. This is for the 10% where "PIA done, shipped" isn't the right level of scrutiny.
If none of the above, the launch review is enough. Don't generate paperwork for its own sake.
One paragraph. What the feature does, what's new about it, why it got escalated to a full assessment.
For each distinct risk (aim for 2-5, not 15):
### Risk [N]: [Short name]
**Scenario:** [What would have to happen for this to go wrong. Be specific —
not "data breach" but "the recommendation algo surfaces a user's sensitive
category interest to someone who shouldn't see it because X."]
**Who gets hurt:** [Users? The company? A third party? Specific.]
**How likely:** [Low / Medium / High — with a reason. "Low — would require
both X and Y to fail simultaneously." Not just a vibes rating.]
**How bad if it happens:** [Low / Medium / High — with a reason. "High —
regulatory fine + class action exposure + press" vs. "Low — one angry
tweet, no actual harm."]
**Existing mitigations:** [What already reduces the likelihood or impact]
**Gap:** [What's missing, if anything]
**Residual risk:** [After existing mitigations — is this acceptable or does
it need more?]
Only include if a regulator is actively interested in this space. If so:
Has another company done something similar? What happened?
Don't overweight precedent. Regulators change priorities; one company getting away with something doesn't mean the next one will.
Present 2-3 realistic paths:
| Option | Description | Risk reduction | Cost |
|---|---|---|---|
| A: Ship as designed | [current plan] | None | None |
| B: Ship with [mitigation] | [change] | [how much] | [eng effort, timeline, UX] |
| C: Don't ship [component] | [scope cut] | [how much] | [product impact] |
Pick one. Explain why. Acknowledge what you're trading off.
**Recommended: Option [X]**
[Why. What risk remains. Why that's acceptable. Who accepts it.]
**If the answer is "not my call":** [Who decides, what they need to know]
…
Review and approve (or reject) pending playbook update proposals from the playbook-monitor agent and apply approved changes to the practice profile. Use when the playbook-monitor agent has surfaced proposals, when the user says "review playbook proposals", "what playbook updates are pending", or wants to step through deviation-driven playbook changes.
Reference: review of SaaS subscription agreements with attention to the terms that matter most in subscription deals — auto-renewal mechanics, price escalation, data portability, uptime SLAs, and subprocessor rights. Loaded by /commercial-legal:review when a SaaS or subscription agreement is detected.
Drafts board or committee meeting minutes in your house format. Auto-detects upcoming board and committee meetings from your calendar, asks for the agenda and any slides or pre-read materials, and produces a complete draft in the format learned from your seed minutes. Also handles written consents in lieu of meetings. Trigger: "board minutes", "draft minutes", "upcoming board meeting", "committee minutes", "written consent", or calendar detection of an upcoming board or committee event.
Aggregate diligence findings into a deal team briefing at the right altitude for the audience — exec summary for leadership, working summary for the team. Use when user says "brief the deal team", "what's the state of diligence", "summarize findings for [audience]", "deal update", or on the briefing cadence.
Entity compliance tracker — initialize, report upcoming deadlines, update status, run health audit, export to CSV. Maintains a compliance-tracker.yaml built from the entity table, calculates filing deadlines by entity and jurisdiction, and surfaces what's due in the next 30/60/90 days. Use when user says "entity compliance", "filing deadlines", "annual reports due", "entity tracker", "what filings are due", "entity health", or "good standing".
Trace how a contract has changed across its base agreement and all amendments — either a summary of all changes over time, or a provision trace for a specific clause. Use when the user says "what changed in this contract over time", "show me the amendment history", "where's the latest [clause]", "how has [provision] evolved", or uploads multiple versions of an agreement.