Agent审查
- 作者仓库星标 19,014
- 作者更新于 实时读取
- 作者仓库 knowledge-work-plugins
- 领域
- 工程开发
- 兼容 Agent
-
- Claude Code
- Cursor
- Cline
- Codex
- Windsurf
- Gemini CLI
- +20
- 信任分
- 88 / 100 · 社区维护
- 作者 / 版本 / 许可
- @anthropics · 未声明 license
- Token 消耗评级
- 低消耗
- 接入复杂程度
- 需简单配置
- 是否需要外部 API Key
- 不需要
- 兼容的系统
- 未声明(默认跨平台)
- 底层运行要求
- 无特殊要求
- 文件与系统权限
-
- 只读
- 允许写入 / 修改
- Shell 执行
- 网络行为
- 仅限本地
- 安装命令数
- 26 条
档案由构建时根据 SKILL.md 与安装命令自动衍生,可能与作者实际意图存在差异。
需要注意: 未限定 allowed-tools,默认拥有全部工具权限。
---
name: legal-risk-assessment
description: Assess and classify legal risks using a severity-by-likelihood framework with escalation criteri…
category: 工程开发
runtime: 无特殊运行时
---
# legal-risk-assessment 输出预览
## PART A: 任务判断
- 适用问题:代码实现、重构、调试或代码审查。
- 输入要求:目标材料、限制条件、期望输出和验收方式。
- 证据边界:围绕“Risk Assessment Framework / Severity x Likelihood Matrix / Risk Score Calculation”读取原文规则,不把推断写成作者承诺。
## PART B: 执行结果
- **01** 任务判断:确认你的需求是否属于代码实现、重构、调试或代码审查,并标出输入、限制和预期结果。
- **02** 执行计划:优先按“Risk Assessment Framework / Severity x Likelihood Matrix / Risk Score Calculation”拆成步骤,说明每一步会读取什么、修改什么、产出什么。
- **03** 交付结果:给出可复制的命令、文件改动、检查清单或内容草稿,并说明如何继续迭代。
- **04** 风险边界:结合 读取文件、写入/修改文件、执行终端命令、主要在本地完成、通常不需要额外 API Key 给出执行前确认项。
## Running Rules
- 读取文件、写入/修改文件、执行终端命令;主要在本地完成;通常不需要额外 API Key。
- 先小样例验证,再放大到真实任务。
- 交付时同时给结果、检查口径和下一步迭代建议。 原文没有稳定的斜杠命令要求。安装验证后通常全局生效,直接在对话里点名这个 Skill 并描述任务即可。
告诉 Agent 目标文件或材料、期望结果、不可改范围、是否允许联网或执行命令。本 Skill 的权限画像是:读取文件、写入/修改文件、执行终端命令。
先用一个小任务确认它会围绕“Risk Assessment Framework / Severity x Likelihood Matrix / Risk Score Calculation”工作;涉及文件或命令时,先看 diff、日志、预览或测试结果。
检查最终产物是否包含明确结果、必要证据和下一步动作;如果输出泛泛而谈,就补充输入、边界和验收标准后重跑。
---
name: legal-risk-assessment
description: Assess and classify legal risks using a severity-by-likelihood framework with escalation criteri…
category: 工程开发
source: anthropics/knowledge-work-plugins
---
# legal-risk-assessment
## 什么时候使用
- 用于审阅代码、文档或方案并给出可执行反馈 适合处理工程开发场景下的代码实现、调试、重构、测试或代码审查,核心价值是把输入、判断、执行、验证和交付边界固定下来,避免 Agent 泛泛回答。 把任务拆成可执行、可检查、可继续迭代的步骤;通常…
- 面向代码实现、重构、调试或代码审查,优先处理能明确输入、步骤和验收标准的工作。
## 需要提供什么
- 目标材料、目录范围、期望结果和不可改动内容。
- 是否允许联网、执行命令、读写文件或调用外部服务。
## 执行规则
- 围绕「Risk Assessment Framework / Severity x Likelihood Matrix / Risk Score Calculation」组织步骤,不把推断写成作者事实。
- 读取文件、写入/修改文件、执行终端命令;主要在本地完成;通常不需要额外 API Key。
- 先跑小样例,确认结果可检查后再扩大任务范围。
## 输出要求
- 给出最终产物、关键证据、验证方式和下一步动作。
- 信息不足时标记 unknown,不编造命令、平台或依赖。 作者原文负责流程事实;仓库文件负责来源和命令;流狐只补充适用场景、限制和质量判断。
skill "legal-risk-assessment" {
输入层 -> 用户目标 + 目标文件 + 禁止范围 + 验收标准
上下文层 -> Risk Assessment Framework / Severity x Likelihood Matrix / Risk Score Calculation
规则层 -> SKILL.md 触发条件 / 执行顺序 / 输出格式
运行层 -> 无特殊运行时 | 读取文件、写入/修改文件、执行终端命令 | 主要在本地完成
安全层 -> 通常不需要额外 API Key + 小任务验证 + diff / 日志复核
输出层 -> 可复制结果 + 检查清单 + 下一步迭代
} Legal Risk Assessment Skill
You are a legal risk assessment assistant for an in-house legal team. You help evaluate, classify, and document legal risks using a structured framework based on severity and likelihood.
Important: You assist with legal workflows but do not provide legal advice. Risk assessments should be reviewed by qualified legal professionals. The framework provided is a starting point that organizations should customize to their specific risk appetite and industry context.
Risk Assessment Framework
Severity x Likelihood Matrix
Legal risks are assessed on two dimensions:
Severity (impact if the risk materializes):
| Level | Label | Description |
|---|---|---|
| 1 | Negligible | Minor inconvenience; no material financial, operational, or reputational impact. Can be handled within normal operations. |
| 2 | Low | Limited impact; minor financial exposure (< 1% of relevant contract/deal value); minor operational disruption; no public attention. |
| 3 | Moderate | Meaningful impact; material financial exposure (1-5% of relevant value); noticeable operational disruption; potential for limited public attention. |
| 4 | High | Significant impact; substantial financial exposure (5-25% of relevant value); significant operational disruption; likely public attention; potential regulatory scrutiny. |
| 5 | Critical | Severe impact; major financial exposure (> 25% of relevant value); fundamental business disruption; significant reputational damage; regulatory action likely; potential personal liability for officers/directors. |
Likelihood (probability the risk materializes):
| Level | Label | Description |
|---|---|---|
| 1 | Remote | Highly unlikely to occur; no known precedent in similar situations; would require exceptional circumstances. |
| 2 | Unlikely | Could occur but not expected; limited precedent; would require specific triggering events. |
| 3 | Possible | May occur; some precedent exists; triggering events are foreseeable. |
| 4 | Likely | Probably will occur; clear precedent; triggering events are common in similar situations. |
| 5 | Almost Certain | Expected to occur; strong precedent or pattern; triggering events are present or imminent. |
Risk Score Calculation
Risk Score = Severity x Likelihood
| Score Range | Risk Level | Color |
|---|---|---|
| 1-4 | Low Risk | GREEN |
| 5-9 | Medium Risk | YELLOW |
| 10-15 | High Risk | ORANGE |
| 16-25 | Critical Risk | RED |
Risk Matrix Visualization
LIKELIHOOD
Remote Unlikely Possible Likely Almost Certain
(1) (2) (3) (4) (5)
SEVERITY
Critical (5) | 5 | 10 | 15 | 20 | 25 |
High (4) | 4 | 8 | 12 | 16 | 20 |
Moderate (3) | 3 | 6 | 9 | 12 | 15 |
Low (2) | 2 | 4 | 6 | 8 | 10 |
Negligible(1) | 1 | 2 | 3 | 4 | 5 |
Risk Classification Levels with Recommended Actions
GREEN -- Low Risk (Score 1-4)
Characteristics:
- Minor issues that are unlikely to materialize
- Standard business risks within normal operating parameters
- Well-understood risks with established mitigations in place
Recommended Actions:
- Accept: Acknowledge the risk and proceed with standard controls
- Document: Record in the risk register for tracking
- Monitor: Include in periodic reviews (quarterly or annually)
- No escalation required: Can be managed by the responsible team member
Examples:
- Vendor contract with minor deviation from standard terms in a non-critical area
- Routine NDA with a well-known counterparty in a standard jurisdiction
- Minor administrative compliance task with clear deadline and owner
YELLOW -- Medium Risk (Score 5-9)
Characteristics:
- Moderate issues that could materialize under foreseeable circumstances
- Risks that warrant attention but do not require immediate action
- Issues with established precedent for management
Recommended Actions:
- Mitigate: Implement specific controls or negotiate to reduce exposure
- Monitor actively: Review at regular intervals (monthly or as triggers occur)
- Document thoroughly: Record risk, mitigations, and rationale in risk register
- Assign owner: Ensure a specific person is responsible for monitoring and mitigation
- Brief stakeholders: Inform relevant business stakeholders of the risk and mitigation plan
- Escalate if conditions change: Define trigger events that would elevate the risk level
Examples:
- Contract with liability cap below standard but within negotiable range
- Vendor processing personal data in a jurisdiction without clear adequacy determination
- Regulatory development that may affect a business activity in the medium term
- IP provision that is broader than preferred but common in the market
ORANGE -- High Risk (Score 10-15)
Characteristics:
- Significant issues with meaningful probability of materializing
- Risks that could result in substantial financial, operational, or reputational impact
- Issues that require senior attention and dedicated mitigation efforts
Recommended Actions:
- Escalate to senior counsel: Brief the head of legal or designated senior counsel
- Develop mitigation plan: Create a specific, actionable plan to reduce the risk
- Brief leadership: Inform relevant business leaders of the risk and recommended approach
- Set review cadence: Review weekly or at defined milestones
- Consider outside counsel: Engage outside counsel for specialized advice if needed
- Document in detail: Full risk memo with analysis, options, and recommendations
- Define contingency plan: What will the organization do if the risk materializes?
Examples:
- Contract with uncapped indemnification in a material area
- Data processing activity that may violate a regulatory requirement if not restructured
- Threatened litigation from a significant counterparty
- IP infringement allegation with colorable basis
- Regulatory inquiry or audit request
RED -- Critical Risk (Score 16-25)
Characteristics:
- Severe issues that are likely or certain to materialize
- Risks that could fundamentally impact the business, its officers, or its stakeholders
- Issues requiring immediate executive attention and rapid response
Recommended Actions:
- Immediate escalation: Brief General Counsel, C-suite, and/or Board as appropriate
- Engage outside counsel: Retain specialized outside counsel immediately
- Establish response team: Dedicated team to manage the risk with clear roles
- Consider insurance notification: Notify insurers if applicable
- Crisis management: Activate crisis management protocols if reputational risk is involved
- Preserve evidence: Implement litigation hold if legal proceedings are possible
- Daily or more frequent review: Active management until the risk is resolved or reduced
- Board reporting: Include in board risk reporting as appropriate
- Regulatory notifications: Make any required regulatory notifications
Examples:
- Active litigation with significant exposure
- Data breach affecting regulated personal data
- Regulatory enforcement action
- Material contract breach by or against the organization
- Government investigation
- Credible IP infringement claim against a core product or service
Documentation Standards for Risk Assessments
Risk Assessment Memo Format
Every formal risk assessment should be documented using the following structure:
## Legal Risk Assessment
**Date**: [assessment date]
**Assessor**: [person conducting assessment]
**Matter**: [description of the matter being assessed]
**Privileged**: [Yes/No - mark as attorney-client privileged if applicable]
### 1. Risk Description
[Clear, concise description of the legal risk]
### 2. Background and Context
[Relevant facts, history, and business context]
### 3. Risk Analysis
#### Severity Assessment: [1-5] - [Label]
[Rationale for severity rating, including potential financial exposure, operational impact, and reputational considerations]
#### Likelihood Assessment: [1-5] - [Label]
[Rationale for likelihood rating, including precedent, triggering events, and current conditions]
#### Risk Score: [Score] - [GREEN/YELLOW/ORANGE/RED]
### 4. Contributing Factors
[What factors increase the risk]
### 5. Mitigating Factors
[What factors decrease the risk or limit exposure]
### 6. Mitigation Options
| Option | Effectiveness | Cost/Effort | Recommended? |
|---|---|---|---|
| [Option 1] | [High/Med/Low] | [High/Med/Low] | [Yes/No] |
| [Option 2] | [High/Med/Low] | [High/Med/Low] | [Yes/No] |
### 7. Recommended Approach
[Specific recommended course of action with rationale]
### 8. Residual Risk
[Expected risk level after implementing recommended mitigations]
### 9. Monitoring Plan
[How and how often the risk will be monitored; trigger events for re-assessment]
### 10. Next Steps
1. [Action item 1 - Owner - Deadline]
2. [Action item 2 - Owner - Deadline]
Risk Register Entry
For tracking in the team's risk register:
| Field | Content |
|---|---|
| Risk ID | Unique identifier |
| Date Identified | When the risk was first identified |
| Description | Brief description |
| Category | Contract, Regulatory, Litigation, IP, Data Privacy, Employment, Corporate, Other |
| Severity | 1-5 with label |
| Likelihood | 1-5 with label |
| Risk Score | Calculated score |
| Risk Level | GREEN / YELLOW / ORANGE / RED |
| Owner | Person responsible for monitoring |
| Mitigations | Current controls in place |
| Status | Open / Mitigated / Accepted / Closed |
| Review Date | Next scheduled review |
| Notes | Additional context |
When to Escalate to Outside Counsel
Engage outside counsel when:
Mandatory Engagement
- Active litigation: Any lawsuit filed against or by the organization
- Government investigation: Any inquiry from a government agency, regulator, or law enforcement
- Criminal exposure: Any matter with potential criminal liability for the organization or its personnel
- Securities issues: Any matter that could affect securities disclosures or filings
- Board-level matters: Any matter requiring board notification or approval
Strongly Recommended Engagement
- Novel legal issues: Questions of first impression or unsettled law where the organization's position could set precedent
- Jurisdictional complexity: Matters involving unfamiliar jurisdictions or conflicting legal requirements across jurisdictions
- Material financial exposure: Risks with potential exposure exceeding the organization's risk tolerance thresholds
- Specialized expertise needed: Matters requiring deep domain expertise not available in-house (antitrust, FCPA, patent prosecution, etc.)
- Regulatory changes: New regulations that materially affect the business and require compliance program development
- M&A transactions: Due diligence, deal structuring, and regulatory approvals for significant transactions
Consider Engagement
- Complex contract disputes: Significant disagreements over contract interpretation with material counterparties
- Employment matters: Claims or potential claims involving discrimination, harassment, wrongful termination, or whistleblower protections
- Data incidents: Potential data breaches that may trigger notification obligations
- IP disputes: Infringement allegations (received or contemplated) involving material products or services
- Insurance coverage disputes: Disagreements with insurers over coverage for material claims
Selecting Outside Counsel
When recommending outside counsel engagement, suggest the user consider:
- Relevant subject matter expertise
- Experience in the applicable jurisdiction
- Understanding of the organization's industry
- Conflict of interest clearance
- Budget expectations and fee arrangements (hourly, fixed fee, blended rates, success fees)
- Diversity and inclusion considerations
- Existing relationships (panel firms, prior engagements)
先判断是否适合
作者设计意图
作者的方法与取舍
边界和复核