risk-management-specialist

Found your risk-management-specialist skill while reviewing the latest batch—the structured approach to ISO 14971 threat assessment caught my eye, though I'm seeing some gaps in how the guidance is organized that are holding back the score.

Links:

• GitHub
• Your agentic skill in the SkillzWave marketplace

The TL;DR

You're at 68/100, which puts you in D territory. This is based on Anthropic's Progressive Disclosure Architecture standards for agentic skills. Your Writing Style is solid (9/10)—the tone is consistently professional and the ISO 14971 terminology is spot-on. The problem areas are PDA (12/30) and Utility (13/20), which means the structure and execution need work.

What's Working Well

• Metadata is excellent - Your description nails the trigger phrases for risk management tasks (risk assessments, control verification, file maintenance). Easy to discover when someone needs ISO 14971 help.
• Domain expertise shines - The content covers the full risk lifecycle comprehensively, from identification through post-production monitoring. That's genuinely useful scope.
• Clear hierarchy - Section organization with decision trees and process frameworks shows you understand how risk management actually works.

The Big One

Your references are all placeholders. You reference five detailed guides (iso14971-implementation-guide.md, software-risk-management.md, cybersecurity-risk-framework.md, etc.) but the references/ folder contains empty templates. This breaks the layered architecture—users are promised depth they won't find.

The fix: Either create actual reference content with real implementation details, or remove the references from SKILL.md. If you go the creation route, move the detailed frameworks currently bloating your main file (lines 16-175) into these reference files. Keep SKILL.md as a 2-3 sentence summary per section, then link to the deep dives.

Impact: +5 points minimum.

Other Things Worth Fixing

1. Missing table of contents - Your SKILL.md is 226 lines without a TOC. Add one after the metadata block so people can jump to risk evaluation or control hierarchies quickly. (+2 points)

2. Promised scripts don't exist - You reference four automation scripts (risk-matrix-calculator.py, risk-control-tracker.py, etc.) but they're not implemented. Either write at least one working example or remove the promises. (+2 points)

3. No workflow checklists - Complex processes like risk analysis need numbered steps with checkboxes, not just narrative descriptions. "1. Review device classification ☐ 2. Identify applicable standards ☐" is how people actually use this. (+3 points)

4. Weak feedback loops - You mention risk control verification but don't explain how to validate it. Add a "run-check-fix" pattern: After analysis → have two reviewers validate → update if gaps found. (+2 points)

Quick Wins

• Highest impact: Create/populate your reference files or remove broken promises (~+5 points)
• Medium effort: Add TOC and numbered workflow checklists (~+5 points)
• Quick add: Implement one working automation script (~+2 points)

Do those three things and you're looking at 80+.

Checkout your skill here: SkillzWave.ai | SpillWave We have an agentic skill installer that install skills in 14+ coding agent platforms. Check out this guide on how to improve your agentic skills.