Legal Risk Assessment

• Building or maintaining a risk register — you need to score, track, and document multiple legal risks with consistent severity and likelihood ratings across your organization.
• Preparing a risk memo for stakeholders — you need a structured, formatted report showing risk distribution, top risks, owner assignments, and recommended actions.
• Making escalation decisions — you need a documented rationale for when to engage outside counsel based on defined triggers (litigation, material exposure, novel legal issues).
• Running periodic risk reviews — you need to batch-process a risk register, identify ORANGE/RED risks, update scores, and distribute updated reports quarterly.

• You need actual legal advice — this skill scores and documents risks; it cannot advise on mitigation strategy, contract drafting, litigation tactics, or regulatory filings.
• You need insurance or actuarial analysis — coverage calculations and actuarial modeling are explicitly out of scope.
• You need a single ad-hoc risk estimate with no intent to document — the skill's value is in structured, living documentation; for a quick informal gut-check, the overhead may not be warranted.

Calculates a numeric risk score by multiplying Severity (1–5: Negligible → Critical) by Likelihood (1–5: Remote → Almost Certain). Each score maps to a color-coded level — GREEN, YELLOW, ORANGE, or RED — with a corresponding recommended action: Accept, Monitor, Mitigate, or Escalate.

Accepts a JSON risk register file containing multiple risks and scores all entries in a single pass. Outputs per-risk levels and actions alongside summary statistics: count per level and average score across the register.

Generates a formatted markdown memo from a risk register, including an ASCII risk matrix visualization, risk distribution summary, top risks ranked by score, owner assignments, monitoring plan suggestions, and escalation recommendations.

Provides a tiered escalation framework distinguishing mandatory triggers (active litigation, government investigation, criminal exposure) from strongly recommended and discretionary scenarios, helping teams avoid both under- and over-escalation to outside counsel.

Covers Contract, Regulatory, Litigation, IP, Data Privacy, Employment, and Corporate risk categories with defined contributing and mitigating factors referenced in the escalation guide.

Three built-in workflows — New Risk Assessment, Periodic Register Review, and Escalation Decision — provide step-by-step procedures so teams follow a consistent process every time rather than improvising.

Score a vendor SLA non-compliance risk (--severity 4 --likelihood 3 --category Contract) to get an ORANGE-level result with a recommended mitigation action. Document it in the register and assign an owner before contract renewal.

Load the full risk register JSON, batch-score all entries with risk_scorer.py --input register.json, then generate an updated memo with risk_report_generator.py. Distribute the memo to stakeholders, focusing remediation effort on ORANGE and RED items.

After a potential data privacy breach is identified, score it against the matrix and consult the escalation guide to determine whether outside counsel engagement is mandatory, strongly recommended, or discretionary — then document the rationale and trigger in the memo.

Use the risk framework reference to categorize and describe each identified risk, score them individually or in batch, and compile a baseline register with consistent documentation standards for severity, likelihood, and recommended actions.