| name | identify-risks |
| description | Analyzes code changes for potential risks: breaking changes, missing error handling, untested paths, security concerns, performance regressions, and missing migrations. Use during code review or before submitting a PR. |
| argument-hint | optional: specific area to focus risk analysis on |
Identify Risks
Performs a systematic risk analysis of code changes to catch issues before they reach production.
When to Use
- Reviewing changes before creating a PR
- A reviewer agent needs to assess risk
- Asked to "identify risks", "check for issues", "review for problems"
Procedure
-
Gather the changes to analyze:
git diff --stat
git diff
-
Run through each risk category systematically:
Breaking Changes
Error Handling
Untested Code Paths
Security (OWASP Top 10)
Performance
Data & Migrations
- Produce a risk report:
## Risk Assessment
**Overall Risk Level:** LOW | MEDIUM | HIGH | CRITICAL
### Findings
#### 🔴 Critical / 🟠 High / 🟡 Medium / 🟢 Low
**<Finding title>**
- File: `<path>`
- Risk: <description of what could go wrong>
- Recommendation: <how to fix or mitigate>
### Summary
- Critical: N findings
- High: N findings
- Medium: N findings
- Low: N findings
### Recommendation
<Overall assessment: approve, approve with suggestions, or request changes>
Important
- Be specific — cite file names and line ranges for each finding
- Don't flag theoretical risks that can't happen given the actual code paths
- Prioritize: critical/high findings first
- If no significant risks found, say so clearly — don't invent problems
- Consider the project context from the project instructions file when assessing conventions