Deeper risk assessment for a single feature or product area when the launch review found something that needs more than a line item. Structured analysis: what could go wrong, how likely, how bad, what mitigates it. Use when user says "deep dive on this risk", "risk assessment for [feature]", "what could go wrong with", or when launch-review flags a novel issue.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "feature-risk-assessment" skill from askskill: 1. Download https://raw.githubusercontent.com/anthropics/claude-for-legal/main/product-legal/skills/feature-risk-assessment/SKILL.md 2. Save it as ~/.claude/skills/feature-risk-assessment/SKILL.md 3. Reload skills and tell me it's ready
Matter context. Check ## Matter workspaces in the practice-level CLAUDE.md. If Enabled is ✗ (the default for in-house users), skip the rest of this paragraph — skills use practice-level context and the matter machinery is invisible. If enabled and there is no active matter, ask: "Which matter is this for? Run /product-legal:matter-workspace switch <slug> or say practice-level." Load the active matter's matter.md for matter-specific context and overrides. Write outputs to the matter folder at ~/.claude/plugins/config/claude-for-legal/product-legal/matters/<matter-slug>/. Never read another matter's files unless Cross-matter context is on.
The launch review is broad. This is deep. When a single issue needs more than a table row — a novel AI feature, a children's product, something a regulator is actively looking at — this skill produces a standalone assessment.
Not every launch needs one. Most don't. This is for the 10% where "PIA done, shipped" isn't the right level of scrutiny.
If none of the above, the launch review is enough. Don't generate paperwork for its own sake.
One paragraph. What the feature does, what's new about it, why it got escalated to a full assessment.
For each distinct risk (aim for 2-5, not 15):
### Risk [N]: [Short name]
**Scenario:** [What would have to happen for this to go wrong. Be specific —
not "data breach" but "the recommendation algo surfaces a user's sensitive
category interest to someone who shouldn't see it because X."]
**Who gets hurt:** [Users? The company? A third party? Specific.]
**How likely:** [Low / Medium / High — with a reason. "Low — would require
both X and Y to fail simultaneously." Not just a vibes rating.]
**How bad if it happens:** [Low / Medium / High — with a reason. "High —
regulatory fine + class action exposure + press" vs. "Low — one angry
tweet, no actual harm."]
**Existing mitigations:** [What already reduces the likelihood or impact]
**Gap:** [What's missing, if anything]
**Residual risk:** [After existing mitigations — is this acceptable or does
it need more?]
Only include if a regulator is actively interested in this space. If so:
Has another company done something similar? What happened?
Don't overweight precedent. Regulators change priorities; one company getting away with something doesn't mean the next one will.
Present 2-3 realistic paths:
| Option | Description | Risk reduction | Cost |
|---|---|---|---|
| A: Ship as designed | [current plan] | None | None |
| B: Ship with [mitigation] | [change] | [how much] | [eng effort, timeline, UX] |
| C: Don't ship [component] | [scope cut] | [how much] | [product impact] |
Pick one. Explain why. Acknowledge what you're trading off.
**Recommended: Option [X]**
[Why. What risk remains. Why that's acceptable. Who accepts it.]
**If the answer is "not my call":** [Who decides, what they need to know]
…
Diff a proposed handbook change against the current version, flag ripple effects and state supplement impacts. Use when user says "update the handbook", "add this to the handbook", "handbook change", or has a policy ready for insertion.
Review an offer letter and any restrictive covenants — jurisdiction check included. Substantive rules (covenant enforceability, pay-transparency, salary-history limits, exemption criteria) are researched per hire, not stored. Use when the user says "review this offer", "can we use a non-compete here", "check this offer letter", "hiring in [state]", or attaches an offer.
Draft an audience-specific summary from the privileged investigation memo — HR, leadership, or outside counsel versions. Use when an investigation memo needs to be communicated to an audience that should not see the full privileged work product.
Track the IP portfolio — registrations, renewals, maintenance fees, and use declarations. Use when checking what's renewing, adding or updating an asset, recording a maintenance filing, or auditing the register for gaps, lapses, and use-in-commerce questions. Receives handoffs from prosecution and clearance work.
IRAC-scaffolded case analysis memo with research gaps flagged — the scaffold, not the analysis. Rule blocks are RESEARCH NEEDED, Application is STUDENT ANALYSIS prompts, Conclusion is blank. Use when a student needs to scaffold a case analysis memo, write up their analysis, or build an IRAC memo for a case.
Read VDR documents and extract issues per house categories and materiality thresholds, producing findings in house memo format. Use when user says "review the data room", "extract issues from [folder]", "diligence review", "what's in the VDR", or points at VDR documents.