Requirement Risk Assessment Skill (v1.0)

Version Changes (v1.0)

• 1st Round (Usable Version) Template Implementation: Added the

  0.121

  universal template in

  0.12

  to reduce output drift caused by "knowing two rounds of delivery but not how to write the first round".
• Standardization of Evidence Anchor Tags: Unified the

  Evidence Anchor([Direct Quote]/[Paraphrase]/[Gap])

  in Phase 0 and key table column names, and clarified the writing rules for the three states, reducing caliber discrepancies when "citation is restricted/original text cannot be found".
• Version History Moved Externally: The main Skill only retains current version changes; historical summaries are uniformly placed in the README to reduce token usage and execution drift.

0) Objectives (Do Not Confuse)

1. Feasibility: Compliance + technical/resource deliverability
2. Value for Money: Comprehensive match of price/benefit/opportunity cost/long-term burden (including payment collection/liability risks)
3. Risk Mitigation Strategies: Contract terms + execution processes + technical controls + stop-loss mechanisms

Note: The total score is only a summary and cannot cover single-point fatal risks (red lines/hard gates take priority).

0.15) TL;DR (30-Second Quick Execution)

1. Phase 0: Structured extraction → Key field snapshot + information sufficiency

   X/8

   (see 3 + 3.4)
2. Phase 0.25/0.5: Pitfall signal + conflict detection (see 4 + 5)
3. Phase 1: Red line check (see 6) → If hit,

   Reject/Pause

   , skip full scoring
4. Commitment Gates (see 2.6 / Appendix Q) → Decide "only pause/only ROM/milestone lockable/quote & schedule lockable"
5. Phase 2: Structured scoring (see 7 + Appendix A/E/G/H) → Output range + capping + confidence level
6. Phase 3-6: Pre-mortem → Risk register → Terms/execution → Minimum supplementary information set (see 8-11)

0.12) Two-Round Delivery Agreement (Default: Usable First, Detailed Later)

1. 1st Round (Usable Version): Only output

   1.4 [Overview]

   +

   [Key Field Snapshot (8 Items)]

   +

   [Red Line Check]

   +

   [Pitfall Signals (≤5)]

   +

   [Conflict Detection (≤5)]

   +

   [Top Gaps/Assumptions (3-6)]

   +

   [Required Supplementary Information (≤10 Questions)]

   .
2. 2nd Round (Full Version, Optional): After information is supplemented, output

   [Scoring Overview]/[Risk Register]/[Negotiation Terms]/[Execution Plan]/[ROM]/[Work Breakdown]

   etc.

• The user explicitly states "please output according to the full template/provide the scoring table/provide ROM three scenarios + terms"; or materials are complete (information sufficiency ≥6/8 and conflicts can be resolved).

0.121) 1st Round (Usable Version) Universal Template (Recommended for Direct Reuse)

## [Overview] (See 1.4, Must Be Provided First)
...

## [Key Field Snapshot (8 Items)]
...(See 3)

## [Red Line Check]
...(See 6)

## [Pitfall Signals (≤5)]
...(See 4)

## [Conflict Detection (≤5)]
...(See 5)

## [Top Gaps/Key Assumptions (3-6)]
- ...

## [Required Supplementary Information (By Priority, ≤10 Questions)]
1) ...(Associated dimension/why it will change the conclusion)

0.2) Minimum Input Set (Layered; Default to Supplement First If Information Is Insufficient)

[Project/Requirement Name]:
[Scenario Type] Regular/Multi-requirement Comparison/Historical Reference/Emergency/Contract Renewal/Modification:
[Verifiable Objective]:
[Scope Boundary] in-scope / out-of-scope: (One of the 8 items for information sufficiency)
[Deliverable List] Code/Documentation/Deployment/Training/Source Code Ownership etc.: (One of the 8 items for information sufficiency)
[Acceptance Criteria] Acceptance checklist/test method/time limit/default pass conditions: (One of the 8 items for information sufficiency)
[Payment Structure] Advance payment/milestone payment/final payment ratio/overdue handling: (One of the 8 items for information sufficiency)
[Project Timeline & Milestones] Use absolute date and time (e.g., 2026-03-20 18:00 +08:00 or Asia/Shanghai): (One of the 8 items for information sufficiency)
[Key Dependencies] Customer-side accounts/interfaces/data/whitelists/qualifications and latest provision time: (One of the 8 items for information sufficiency)
[Data & Compliance] Involved data types/authorization/retention & deletion/cross-border sharing (if applicable): (One of the 8 items for information sufficiency)
[Decision/Acceptance Responsible Person]: (One of the 8 items for information sufficiency)

[Budget/Quote Range] (If known):
[Billing Method] Fixed price/man-day/milestone:
[Daily Rate/Man-day Unit Price] (Required for ROM quote/schedule, leave blank if unknown):

[Emergency (If Applicable)] Real Deadline, Sacrificable Scope/Quality Bottom Line, Acceptance of Emergency Premium/Channel Fee:
[Renewal/Modification (If Applicable)] Historical Performance/Outstanding Debts, Historical Payment Collection, Modification Frequency and Sign-off Mechanism:
[AI/LLM (If Applicable)] Performance Metrics & Evaluation Dataset, Data Authorization Boundaries, Cost & Latency Budget, Vendors & Deployment, Security & Unauthorized Access:

[Confidentiality Restrictions] Is it allowed to quote short original text (≤25 characters) in the output? If not: Can you provide desensitized short text/field values for audit purposes?

0.25) Quick Entry (Execution Order: Gates First, Scoring Later)

1. Scenario Identification (See 0.5)
2. Phase 0: Structured Extraction + Information Sufficiency X/8 (See 3 + 3.4)
3. Pitfall Signal Scanning + Conflict Detection (See 4 + 5)
4. Red Line Check (Prerequisite) (See 6)
   • Red line hit (with evidence) ⇒ Conclusion is only

     Reject

     , skip full scoring; only output "red line evidence + minimal risk set + terms/stop-loss suggestions + next steps"
   • Red line elements missing and unjudgeable ⇒ Conclusion prioritizes

     Pause (Reject Commitment Before Supplementing)

     , only output "gaps + minimum supplementary information set"
5. Only if no red line is hit and information is sufficient: Enter scoring (7) → Pre-mortem (8) → Risk register (9) → Decision/negotiation/execution (10) → Minimum supplementary information set (11)

Note: Scoring is only a summary; any "gate" (red line/hard gate/Score Capping/conflict) can directly override the upper limit of the conclusion.

0.3) Applicable Boundaries (Prevent Overreach and False Certainty)

• Do not replace legal advice: This Skill only provides risk framework and term suggestions; when disputes arise regarding "liability/compensation/IP/data processing/security obligations", it is recommended to involve legal counsel.
• Do not make factual assumptions: Historical references must be based on historical materials provided by the user; without materials, only "reusable models/suggestions" can be given.
• Do not fabricate evidence: Any "evidence anchor" must come from short quotes of the user's original text; if the user explicitly requests "no pasting/no quoting of original text", use

  [Paraphrase]

  according to Appendix M of

  references/assessment-standard.md

  and force a reduction in confidence level, and enter

  Pause

  if necessary.

0.5) Scenario Identification (Top Priority)

Note: AI/LLM is an "additional tag" that can coexist with scenarios such as emergency/renewal/multi-requirement comparison; during assessment, append Appendix O checks and questions to the standard process.

1) Output Strategy (Two Tiers, Avoid False Precision)

A. Quick Triage (Applicable: Very Short Text/Large Information Gaps/Only Asking "Can We Accept It")

1.4 [Overview]

• Overview: Overall decision + three conclusion questions + information sufficiency/confidence level + Commitment Gate (including strong commitment upper limit)
• Red line conclusion (✅/❌/⚠️) + evidence anchor/gap
• Hit pitfall signals (if any)
• 3-6 highest-leverage gaps/conflicts
• Minimum supplementary information set (≤10 questions)

B. Full Assessment (Applicable: Sufficient Evidence or Must Make Decision/Quote Negotiation)

C. Multi-requirement Comparison (Applicable: Need to Compare 2+ Requirements Horizontally)

• Independent scoring for each requirement
• Horizontal dimension comparison
• Strengths and weaknesses summary
• Recommendation suggestions

## [Multi-requirement Comparison: Conclusions and Ranking]
Recommended Ranking: 1) Requirement A 2) Requirement B 3) Requirement C
Ranking Basis: [1-3 auditable reasons: red lines/hard gates/payment structure/scope certainty/timeline risk…]

| Requirement | Conclusion | Red Line/Hard Gate | Total Score (base) | Emergency Adjustment Score (if applicable) | Confidence Level | 3 Key Risks | Top 3 Non-Negotiable Terms | Next Step |
|------|------|-----------|------------|------------------|--------|-------------|---------------------|--------|
| A    | ...  | ...       | .../100     | ...              | ...    | ...         | ...                 | ...    |
| B    | ...  | ...       | .../100     | ...              | ...    | ...         | ...                 | ...    |

• Each requirement must have an identifiable name (e.g., "Requirement A/Requirement B" or actual project name).
• If the user mixes multiple requirements in a single paragraph and boundaries are unclear: First request the user to provide them in separate paragraphs or mark boundaries with headings before scoring ("脑补分段" is prohibited).
• If

  Pause

  is triggered: Must clearly state the reason "gaps prevent fair comparison" and provide "minimum supplementary information set (by priority)", then perform ranking after supplementation.

• First bucket by conclusion:

  Accept

  >

  Negotiate Before Accepting

  >

  Pause

  >

  Reject

• Within the same bucket, rank by: fewer triggers of hard gates/red lines/Score Capping first; then consider

  Total Score (base)

  and confidence level (confidence level takes priority over total score)

D. Historical Reference (Applicable: User Requests "Reference for Similar Projects/Review of Previous Projects")

[Historical Materials Missing, Cannot Conduct Factual Comparison]

E. Pause (Applicable: Insufficient Information to Make Commitments)

Pause

• Red line check shows

  ⚠️ Insufficient Information to Supplement

  and the gap determines whether the red line is triggered;
• Information sufficiency

  <=4/8

  , and the user still requests "give a yes/no answer now";
• Dense conflict items (see Appendix I) that cannot be resolved with existing materials;
• Any one of payment structure, acceptance criteria, or scope boundary is "missing + non-inferable", making it impossible to form executable terms and stop-loss points.

Explanation:

Pause

= "No delivery commitment/quote locking/scheduling commitment will be made before information is supplemented; enter full assessment or quote negotiation after supplementation".

F. Output Truncation Rules (Default, Avoid "Long but Unusable")

• Evidence ledger: Default to only output "Key Field Snapshot (8 Items)"; full ledger is only output when (multi-requirement comparison/dense conflicts/user request).
• Pitfall signal scanning: Maximum 5 items (sorted by impact on conclusion).
• Conflict detection: Maximum 5 items (sorted by impact on conclusion).
• Pre-mortem: 3 items are sufficient; each item does not exceed 6 lines.
• Risk register: 6-10 items; and highlight the top 3 priorities above the table (corresponding to negotiation/stop-loss actions).
• Negotiation terms: 3-7 mandatory conditions, with top 3 marked (the three that most affect the conclusion).

G. ROM Quote/Scheduling (Optional: User Requests "Quote/Scheduling/Man-days" or in Quote Negotiation)

• First determine Commitment Gates (see 2.6/Appendix Q): ROM belongs to G1; before reaching G3, "lock quotes/lock schedules/write fixed launch times" are prohibited.
• If in G0: Do not output ROM, only output

  Pause

  + minimum supplementary information set (avoid "looks like a quote/schedule is given but information is insufficient").
• If information sufficiency

  <6/8

  or key conflicts/hard gates/capping are hit: Only output ROM range (do not provide single-point quotes/single-point schedules).
• ROM must explicitly list: Top 3-6 key assumptions, corresponding verification plans, and "top 3 mandatory negotiation terms".
• ROM range boundaries: Align with the three-scenario caliber of Appendix H using

  best/base/worst

  (and must not bypass Appendix E hard gates).

references/assessment-standard.md

1.4) Output Header (Mandatory, Must Be Provided First for All Outputs)

• Even if

  Reject/Pause/Quick Triage

  triggers early stop, this section must be output (otherwise it is easy to miss Commitment Gates and three conclusion questions).
• If

  information sufficiency

  is not calculated: Write

  -/8 (Not Evaluated)

  and explain the reason (e.g., early stop due to red line).

## [Overview]
Overall Decision: Accept/Negotiate Before Accepting/Pause/Reject
Feasibility: Accept/Negotiate Before Accepting/Pause/Reject
Value for Money: Worth Doing/Feasible but Not Worth Doing/Pause/N/A (Early Stop Due to Red Line)
Risk Mitigation (One Sentence): Highest-leverage measures for [terms/process/technology/stop-loss] (1-2 items are sufficient)

Scenario Tags: Regular/Multi-requirement Comparison/Historical Reference/Emergency/Contract Renewal/Modification + AI/LLM(if applicable)
Overall Confidence Level: High/Medium/Low
Information Sufficiency: X/8 or -/8 (Not Evaluated)
Commitment Gate: G0/G1/G2/G3 (Reason Summary) | Strong Commitment Upper Limit: Only Pause/Only ROM/Milestone Lockable/Quote & Schedule Lockable

1.5) Minimum Output Template (Deliverable Even for Early Stop)

Purpose: When

Reject/Pause/Quick Triage

is triggered, avoid outputting "only one sentence conclusion" or "long but unexecutable" reports.

T1 Reject (Red Line Hit)

## [Overview]
Overall Decision: Reject
Feasibility: Reject (Red Line)
Value for Money: N/A (Early Stop Due to Red Line)
Risk Mitigation (One Sentence): Provide alternative paths/compliance process suggestions that do not trigger red lines (do not provide overreach implementation details)
Scenario Tags: ...
Overall Confidence Level: Medium/High (Can be high if red line evidence is clear; reduce to medium/low if citation is restricted or key elements are missing)
Information Sufficiency: -/8 (Early Stop Due to Red Line)
Commitment Gate: G0 (Red Line) | Strong Commitment Upper Limit: Only Reject/Only Pause

## [Red Line Evidence]
- [Red Line Item]: Evidence Anchor (Short Original Quote)

## [Minimal Risk Set (No Long Report Expansion)]
- Main Risk: ...
- Impact: legal/reputation/… (1 sentence)

## [Next Steps (If Still Want to Proceed)]
1) Need User to Supplement/Clarify: ... (Gap)
2) Or: Revised Scheme/Alternative Path (No Red Line Trigger): ...

T2 Pause (Assess After Supplementing; Reject Commitment Before Supplementing)

## [Overview]
Overall Decision: Pause (Reject Commitment Before Supplementing)
Feasibility: Pause
Value for Money: Pause
Risk Mitigation (One Sentence): First formalize scope/acceptance/payment/dependency fields and obtain written confirmation, then enter assessment/quote negotiation
Scenario Tags: ...
Overall Confidence Level: Low/Medium
Information Sufficiency: X/8
Commitment Gate: G0 (Reason Summary) | Strong Commitment Upper Limit: Only Pause/Only Assess After Supplementing Information

## [Key Gaps/Conflicts (Top 3-6)]
- Gap/Conflict: ... (Impact: Which dimensions/conclusion upper limits)

## [Required Supplementary Information (By Priority, ≤10 Questions)]
1) ...(Associated dimension/why it will change the conclusion)

T3 Quick Triage (Non-Red Line, But Large Gaps/Only Asking "Can We Accept It")

## [Overview]
Overall Decision: Accept/Negotiate Before Accepting/Pause/Reject (Quick Triage)
Feasibility: Accept/Negotiate Before Accepting/Pause/Reject
Value for Money: Worth Doing/Feasible but Not Worth Doing/Pause
Risk Mitigation (One Sentence): ...
Scenario Tags: ...
Overall Confidence Level: Low/Medium
Information Sufficiency: X/8
Commitment Gate: G0/G1 (Reason Summary) | Strong Commitment Upper Limit: Only Pause/Only ROM

Red Line: ✅/❌/⚠️ (See [Red Line Check] or give 1-line conclusion + evidence/gap here)

## [Pitfall Signals (Maximum 5 Items)]
- Hit: ... (Evidence Anchor) → Impact

## [Highest-Leverage Gaps/Conflicts (3-6 Items)]
- ...

## [Next Steps: Minimum Supplementary Information Set (≤10 Questions)]
1) ...

2) Mandatory Rules (Improve Accuracy, Violations Are Considered Incomplete)

1. Forbidden to Fabricate Citations: Any "evidence anchor" must come from short quotes of the user's original text; if the user requests no pasting of original text, use

   [Paraphrase]

   according to Appendix M of

   references/assessment-standard.md

   and explicitly mark "Citation Restricted". If not found, write:

   [No Original Text Evidence Found]

   .
2. Conflicts Take Priority: When key conflicts occur, related dimensions cannot be scored 4-5, and overall confidence level usually cannot be "High".
3. Gap Triggered Upper Limit (Score Capping): Strictly follow Appendix E of

   references/assessment-standard.md

   , and list triggered items in the report.
4. Non-Linear Decision Gates Take Priority Over Total Score: Strictly follow "hard gates" in Appendix E, and list triggered gates in the report.
5. Stop-Loss First, Optimism Later: Best/worst scenarios can only be established on the premise that "key assumptions are explicitly stated", and cannot bypass capping/hard gates.
6. Consistent Scoring Caliber: Dimension scores are uniformly 0-5; total score is uniformly /100 (formula see Appendix H). Any table must explicitly mark units.
7. No "Brainstorming of Outcomes" for Historical References: Unless the user provides historical assessment reports/project reviews/key facts, only output "reusable risk patterns/term suggestions", and do not assert "what happened then/what the result was".
8. Multi-requirement Comparison: First Independent, Then Comparative: Each requirement must first complete "red line/pitfall/conflict/scoring/Pre-mortem/risk register" according to the same caliber, then output horizontal differences and recommended ranking (do not only give a combined total score).
9. Conclusions Must Be Split into Three Questions: The final output must separately provide "Feasibility / Value for Money / Risk Mitigation Strategies", and map to evidence/gaps/conflicts and term actions.
10. Conclusion Set Must Include Pause: When "insufficient information/key red line gaps/unresolvable conflicts" are triggered,

    Pause

    must be allowed as output, and do not force a score or force selection of "Accept/Negotiate Before Accepting/Reject".
11. Time Must Be Auditable: When encountering expressions such as "tomorrow/next week/as soon as possible/the sooner the better", they must be converted to absolute time points (including time zone); if conversion is not possible, it is regarded as a key gap and confidence level is reduced/trigger pause or capping (especially affecting timeline feasibility and emergency identification).
12. No False Precision in Quotes/Schedules: When the user requests "quote/schedule/man-days", default to outputting ROM ranges (Appendix N); if information sufficiency < 6/8 or key capping/conflicts are triggered, "single-point quotes/lock schedule commitments" are prohibited, only "ranges + assumptions + mandatory negotiation terms + verification plans" can be provided.
13. Best/Worst Must Be Verifiable: As long as best/worst or "if...then..." scenario deductions are given, "verification plan (Top 3-6)" must be provided simultaneously to turn key assumptions into executable verification actions (Appendix N).
14. AI/LLM Triggers Special Scanning: When keywords such as "large model/LLM/RAG/fine-tuning/Agent/conversational/generative" are hit, Appendix O red line/pitfall/questions and terms must be appended; if any of performance metrics/evaluation dataset/data authorization/cost & latency cannot be fielded, the conclusion prioritizes

    Pause

    or at most

    Negotiate Before Accepting

    (hard commitment to performance is prohibited).
15. Security and Operations Cannot Be Omitted: When requirements involve public networks, login authentication, payments, personal/sensitive information, external APIs, AI/LLM tool calls/data回流 etc., at least supplement the "minimum security/operations baseline" according to Appendix P of

    references/assessment-standard.md

    ; gaps must be entered into the risk register and affect the conclusion upper limit/negotiation terms (do not only write "pay attention to security").
16. Default to Split Work for High Uncertainty: When information sufficiency

    <6/8

    , or key assumptions ≥ 3, or ROM is marked as "For Exploration Only", default to recommending phased delivery of "Phase 0 (Verification/Discovery) → Phase 1 (Delivery)", and set Phase 0 as a pre-milestone and payment/acceptance node (see 10.6).
17. Commitment Gates Must Be Explicitly Provided: When the user requests "lock quotes/lock schedules/strong commitment to performance/sign-off", output

    Commitment Gate: G0~G3

    (see 2.6/Appendix Q), and clearly state the "allowed commitment upper limit" (e.g., Only ROM/Cannot Lock Schedule/Cannot Commit to Performance).
18. Minimal Disclosure of Sensitive Information: If evidence anchors and examples contain phone numbers/emails/ID cards/bank cards/full customer names/specific addresses/accounts/keys/tokens/private links etc., they must be desensitized with placeholders (e.g.,

    [Customer A]

    ,

    [Amount X]

    ,

    [Token Omitted]

    ), retaining only the minimal information needed to support judgment.
19. Score→Conclusion Mapping Is Only a Summary: If "score ranges" are needed to assist summary conclusions, follow Appendix N3 of

    references/assessment-standard.md

    ; but any red line/hard gate/capping/conflict takes priority over scores.

2.5) Decision Algorithm (Gates First, Scoring Later, Avoid Total Score Covering Fatal Risks)

1. Red Line (Appendix B): If clearly hit with evidence ⇒

   Reject

   ; if key red line elements are missing ⇒

   Pause

   .
2. Score Capping + Conflicts (Appendix E/I): Triggered items ⇒ Apply upper limit to related dimensions; reduce overall confidence level according to Appendix G.
3. Non-Linear Decision Gates (Appendix E): Any hit ⇒ Conclusion is at most

   Negotiate Before Accepting

   (or

   Reject

   ), cannot be "Accept".
4. Then Look at Total Score and Range (Appendix H): Total score is only a summary; recommendations must link back to (red lines/hard gates/risk register/negotiation terms).

Note: When "gates" conflict with "scores", "gates" take precedence.

2.6) Commitment Gates (Determine How Far You Can Commit)

Pause

ROM range

G0-G3 (From Low to High)

• G0: Pause Gate (Default Conservative)
  Trigger: Red line

  ⚠️

  with missing key elements, information sufficiency

  <=4/8

  , or any one of scope/acceptance/payment is "missing + non-inferable".
  Allowed Output:

  Pause

  (or

  Reject

  if red line is clear) + minimum supplementary information set.
  Forbidden: Quotes/lock schedules/commit to launch times/commit to performance.
• G1: ROM Gate (For Exploration Only)
  Trigger: No red line hit, and information sufficiency

  >=5/8

  ; allow ROM formation with "key assumptions + verification plans".
  Allowed Output: ROM range (Appendix N) + top 3 mandatory negotiation terms + verification plan (Top 3-6).
  Forbidden: Single-point quotes, lock schedules, strong commitment to performance (especially AI/LLM).
• G2: Negotiable Commitment Gate (Milestone Lockable, But Strong Commitment Still Forbidden)
  Trigger: Information sufficiency

  >=6/8

  , and scope/acceptance/payment/dependencies can be fielded; hard gates/conflicts have clear term safeguards.
  Allowed Output: Phased delivery (10.6) + milestone/acceptance/payment suggestions; can provide "conditional schedule/quote range" (with terms and dependencies as preconditions).
  Forbidden: "Lock schedules and single-point quotes" before contracts/dependencies are finalized; forbidden to make strong commitments to AI/LLM performance.
• G3: Strong Commitment Gate (Quote/Schedule Lockable, But Boundaries Must Still Be Stated)
  Trigger: G2 conditions are met, and key terms are formalized (contract/order/email confirmation), key dependencies and acceptance environment are available, and liability boundaries and stop-loss mechanisms are executable.
  Allowed Output: Under clear boundaries/assumptions/change mechanisms, quotes and schedules can be locked (still recommended to retain buffers and change terms).
  Still Forbidden: Commit to "100% error-free/performance guaranteed/unlimited liability" and other uncontrollable results; AI/LLM can only commit to "evaluation caliber + threshold + grayscale and rollback".

Output Requirements (Mandatory)

• Add a line to

  [Scoring Overview]

  in full assessments:

  Commitment Gate: Gx (Reason Summary) | Strong Commitment Upper Limit: ...

• When the user explicitly requests "finalize quotes/schedules/performance today", first give the Commitment Gate conclusion, then provide ROM/gaps and next steps (do not calculate scores first).

3) Phase 0: Structured Extraction + Evidence Ledger (Must Be Done First)

• Status:

  Clear / Implied(Assumed) / Missing / Conflicting

• Evidence Anchor: 1-3 short original quotes; if the user requests no pasting of original text, use

  [Paraphrase]

  according to Appendix M of

  references/assessment-standard.md

  (and explicitly mark "Citation Restricted")
• Remarks: If "Implied", must write "Key Assumption"

• [Direct Quote] "..."

  : Short original quote from user or desensitized short quote provided by user (desensitize first according to Appendix M if containing sensitive fields)

• [Paraphrase] ... (Citation Restricted)

  : User does not allow pasting original text, but provides fielded facts/auditable overview

• [Gap] ...

  : Evidence needed but not found in user materials (must affect confidence level/trigger capping/trigger pause gate)

• First Complete Full Evidence Ledger (Internal Step): Used for subsequent scoring, capping, conflicts, and questions; avoid "scoring by feeling".
• Default to Only Output Key Field Snapshot Externally: Unless requested by user or needed for multi-requirement comparison/conflict tracing, do not expand full ledger.

## [Key Field Snapshot]
| Key Field | Status(Clear/Implied/Missing/Conflicting) | Evidence Anchor([Direct Quote]/[Paraphrase]/[Gap]) | Key Assumption/Gap Remarks |
|----------|---------------------------|--------------------|------------------|
| Scope Boundary | ... | ... | ... |
| Deliverable List | ... | ... | ... |
| Acceptance Criteria | ... | ... | ... |
| Payment Structure | ... | ... | ... |
| Timeline/Milestones | ... | ... | ... |
| Key Dependencies | ... | ... | ... |
| Data & Compliance Points | ... | ... | ... |
| Decision/Acceptance Responsible Person | ... | ... | ... |

## [Evidence Ledger (Structured Extraction)]
| Field | Status(Clear/Implied/Missing/Conflicting) | Evidence Anchor([Direct Quote]/[Paraphrase]/[Gap]) | Key Assumption(If Any) | Gap/Conflict Remarks |
|------|---------------------------|--------------------|----------------|--------------|
| Background | ... | ... | ... | ... |
| Objective | ... | ... | ... | ... |
| Scope | ... | ... | ... | ... |
| Deliverables | ... | ... | ... | ... |
| Acceptance | ... | ... | ... | ... |
| ... | ... | ... | ... | ... |

3.1 Standard Fields (Cover As Much As Possible)

• Background: Current pain points and drivers
• Objective: Business objective/success metrics (verifiable)
• Scope: in-scope / out-of-scope (boundaries)
• Deliverables: Code/documentation/deployment/training/source code ownership etc.
• Acceptance: Acceptance standards + process + time limit + default pass conditions
• Non-Functional Requirements: Security/performance/availability/compliance/observability/compatibility (for public networks/sensitive data/external APIs, supplement minimum baseline according to Appendix P of

  references/assessment-standard.md

  )
• Data & Compliance: Data type/sensitivity level/source authorization/retention & deletion/cross-border sharing
• Dependencies & Integration: Third-party APIs/internal systems/customer-side input/account qualifications
• Stakeholders & Decisions: Decision-maker, owner, acceptance responsible person, feedback loop
• Plan & Resources: Milestones, key dates, customer cooperation items, own resource constraints
• Commercial & Contractual: Budget, payment nodes, change mechanism, maintenance scope, SLA (if any)
• Liability & Boundaries: Liability upper limit, compensation scope, confidentiality, security obligations, dispute resolution

3.2 Special Fields for Renewal/Modification (Must Be Supplemented When Input Hits "Renewal/Modification/Iteration/Phase 2")

• Historical Performance: Past delays/rework/disputes, known遗留缺陷/technical debt
• Current Cost: Support/operations/emergency input (man-days/frequency)
• Payment Collection & Credit: Outstanding payments, historical overdue, entity changes
• Change History: Number of scope drifts, presence of change orders and sign-offs, frequency of emergency task insertion
• Assets & Intellectual Property: Ownership of existing code/documentation, third-party dependencies and licenses, material authorization

3.3 Special Fields for Emergency Requirements (Must Be Supplemented When Input Hits Hard Signals Such As "Urgent/Rush/Very Urgent/Insertion/Today/Tomorrow/48 Hours/No Time to Follow Process")

• Real Deadline: Customer-stated deadline vs actual executable window
• Impact of Priority Conflict: Impact of insertion on existing projects (delay, resource preemption, quality degradation), and convert to "Priority Conflict Affordability" (A6) during scoring
• Emergency Premium: Whether rush fees are included, whether additional resources need to be mobilized
• Channel Fee: Whether "emergency channel" needs to be occupied, whether there is additional communication cost
• Quality Sacrifice Level: Which quality/functions can be sacrificed to gain time
• Acceptance Risk: Increased probability of acceptance disputes in emergency mode

3.4 Quick Check of Information Sufficiency (Prevent "Looks Professional But Unreliable")

• Scope Boundary, Deliverable List, Acceptance Criteria, Payment Structure, Timeline/Milestones, Key Dependencies, Data & Compliance Points, Decision/Acceptance Responsible Person

• Information Sufficiency: X/8

• If

  <=4/8

  : Default to "quick triage" and prioritize

  Pause

  (unless the user explicitly states "only for exploration, no commitments/no quotes/no schedules"); overall confidence level cannot be "High" in full assessments.

4) Phase 0.25: Pitfall Signal Scanning (Mandatory)

references/assessment-standard.md

1. List hit original short quotes (evidence anchors)
2. State which dimensions/conclusion tendencies it will affect (at least: confidence level reduction, entry into risk register)

Rule: Hit items must enter the "risk register", and at least affect confidence level or trigger negotiation terms (do not only treat as "complaints").

## [Pitfall Signal Scanning]
- Hit: [Tactics/Signal] - Evidence Anchor - Impact

5) Phase 0.5: Conflict Detection (Mandatory)

references/assessment-standard.md

• Impact on upper limit of dimension scores/confidence level
• Whether it triggers the tendency of "Negotiate Before Accepting/Reject"

6) Phase 1: Red Line Check (Prerequisite)

references/assessment-standard.md

## [Red Line Check]
✅ Pass / ❌ Fail / ⚠️ Insufficient Information to Supplement
- [Check Item]: Pass/Fail/Insufficient - Evidence Anchor or Gap

7) Phase 2: Structured Scoring (Evidence + Confidence Level + Three Scenarios)

references/assessment-standard.md

7.0 Caliber Clarification (Avoid Scoring Drift in Emergency Scenarios)

• Base Total Score(/100): Only use A1-A5 (total weight=100).
• Emergency Adjustment Score: Only calculated when identified as "emergency requirement", range

  -5 ~ +15

  (formula see Appendix H of

  references/assessment-standard.md

  ).
• Emergency Total Score:

  Base Total Score + Emergency Adjustment Score

  (can indicate whether capped in the report).

7.1 Scoring Output Must Include Two Additional Items (Auditability)

• Triggered Score Capping: List item by item (from Appendix E)
• Triggered Non-Linear Decision Gates: List item by item (from Appendix E)

7.2 Score Caliber (Must Be Explicitly Stated)

• Dimension Score

  : 0-5
• Contribution Score: Converted to /100 (e.g., A1 Compliance Risk:

  30 * 4/5 = 24

  )

7.3 Output Format

## [Scoring Overview]
Total Score(base): XX/100 | Range(best~worst): AA~BB/100 | Overall Confidence Level: High/Medium/Low
Information Sufficiency: X/8
Commitment Gate: G0/G1/G2/G3 (Reason Summary) | Strong Commitment Upper Limit: Only Pause/Only ROM/Milestone Lockable/Quote & Schedule Lockable
[Emergency Assessment]: Yes/No
- If Yes: Emergency Adjustment Score: (+/-)N (-5~+15) | Emergency Total Score: ZZ/100 (can note if capped) | Emergency Premium: X% | Priority Conflict Affordability: Low/Medium/High (higher = more acceptable to insert) | Quality Sacrifice Level: 0-5 (higher = worse)

Triggered Score Capping:
- ...

Triggered Non-Linear Decision Gates:
- ...

| Dimension(Weight) | Dimension Score(base/best/worst, 0-5) | Contribution Score(base, /100) | Confidence Level | Evidence/Gap/Conflict | Key Assumption |
|------------|---------------------------------|--------------------|--------|----------------|----------|
| Compliance Risk(30) | x/x/x | yy.y | ... | ... | ... |
| Deliverability(20) | x/x/x | yy.y | ... | ... | ... |
| Timeline Feasibility(20) | x/x/x | yy.y | ... | ... | ... |
| Price-Benefit Match(20) | x/x/x | yy.y | ... | ... | ... |
| Collaboration & Communication Risk(10) | x/x/x | yy.y | ... | ... | ... |
| [Emergency] Priority Conflict Affordability(+10) | x/x/x | yy.y | ... | ... | ... |
| [Emergency] Emergency Premium Coverage(+5) | x/x/x | yy.y | ... | ... | ... |
| [Emergency] Quality Sacrifice Level(-5, Penalty Item) | x/x/x | yy.y | ... | ... | ... |

7.4 Supplementary Scoring for Emergency Requirements (Additional Scoring Items for Emergency Scenarios)

Note: Emergency "channel fee/insertion cost" should be covered first through emergency premium and milestone/change/acceptance terms, rather than bypassing red lines, hard gates, and capping with "subjective score increase".

8) Phase 3: Pre-mortem (Failure Paths + Interaction Items)

• Trigger conditions / amplification mechanism / loss type
• Early signals (observable)
• Stop-loss points (quantifiable)
• Monitoring and liability (frequency + responsible party)
• Preventive actions (contract/process/technology)

Additional Requirement: Point out at least 1-2 "interaction risks" (e.g., unclear acceptance + large final payment + extremely short timeline will directly turn delays into bad debt/disputes).

9) Phase 4: Risk Register (Make Suggestions Actionable)

• Risk Statement (no abstract words)
• Impact (schedule/cost/quality/legal/reputation)
• Probability (1-5) and Impact Level (1-5), used for ranking (not included in total score)
• Trigger Conditions & Early Signals
• Prevention/Mitigation (contract/process/technology)
• Stop-loss/Exit Conditions (Kill Criteria)
• Risk Ownership (Who currently bears it? How to transfer/share?)
• Risk Responsible Person/Party (Who monitors, who acts)
• Evidence/Gap/Conflict (including hit pitfall signals/conflicts)

## [Risk Register]
| Risk | Impact Type | Probability(1-5) | Impact(1-5) | Priority(P*I) | Trigger Conditions/Early Signals | Mitigation Actions | Kill Criteria | Risk Ownership | Responsible Party | Evidence/Gap |
|------|----------|-----------|-----------|--------------|-------------------|----------|--------------|----------|--------|----------|
| ...  | ...      | ...       | ...       | ...          | ...               | ...      | ...          | ...      | ...    | ...      |

• Probability 1-5: 1=Rarely Occurs; 3=May Occur; 5=Almost Inevitable
• Impact 1-5: 1=Negligible; 3=Requires Additional Man-Days/Delay but Controllable; 5=Major Loss/Legal or Reputational Incident

10) Phase 5: Decision + Negotiation Terms + Execution Plan

10.1 Conclusion (Four Options)

• Accept
• Negotiate Before Accepting (Must Have Condition List)
• Reject
• Pause (Assess After Supplementing, Reject Commitment Before Supplementing)

Pause

• Red line check shows

  ⚠️ Insufficient Information to Supplement

  , and the gap determines whether the red line is triggered;
• Insufficient information sufficiency (<=4/8) and gaps are concentrated in acceptance/payment/scope/data compliance/key dependencies;
• Conflict items cannot be resolved with existing materials (Appendix I).

10.2 Negotiation Terms (Must Be Verifiable and Executable)

references/assessment-standard.md

Tip: If legal term disputes arise regarding "liability/compensation/IP/data processing/security obligations", it is recommended to involve legal counsel for review (this Skill provides a risk framework and does not replace legal advice).

10.3 Execution Plan (Turn Risks Into Plans)

• Scope Convergence and Freeze Point (When to freeze, how to charge for changes)
• Milestone and Acceptance Rhythm (Acceptance window and default pass)
• Customer-Side Dependency Delivery List (Who/When/Format)
• Quality and Security Bottom Line (Minimum observability/backup/permissions etc.)
• Stop-Loss Triggers (Overdue payment, excessive changes, unavailable dependencies etc.)

10.4 ROM Quote and Scheduling (Optional: Explicitly Requested by User or in Quote Negotiation)

• Default to outputting ranges for

  best/base/worst

  (not single points).
• Each range must be bound to: Key assumptions (≤6 items) + top 3 mandatory negotiation terms + verification plan (Top 3-6).
• If information sufficiency < 6/8 or key hard gates/conflicts/capping are triggered: Clearly write

  ROM For Exploration Only, Not For Locking Quotes/Schedules

  .

references/assessment-standard.md

10.5 Verification Plan (Optional but Highly Recommended: Turn Key Assumptions Into Executable Verification)

• Best/worst scenarios are provided;
• Key assumptions ≥ 3 items;
• User requests "quote/schedule locking now", but information is insufficient or conflicts are unresolved.

## [Verification Plan (Top 3-6)]
| Assumption/Uncertainty | Verification Method (POC/Spike/Sample Data/Interface Integration) | Pass Standard (Acceptable) | Responsible Party | Deadline |
|--------------|----------------------------------------|-------------------|--------|----------|
| ...          | ...                                    | ...               | ...    | ...      |

10.6 Phased Delivery/Work Split Suggestion (Optional but Highly Recommended: Turn Uncertainty Into Milestones)

## [Phased Delivery/Work Split Suggestion]
Phase 0 (Verification/Discovery, First Validate Key Assumptions):
- Objective: ...
- Deliverables: POC/Spike/Sample Data Verification Report + Clear Scope Boundary + Acceptance Draft + ROM Range Convergence
- Acceptance Criteria: ... (verifiable)
- Timeline: ... (range) | Cost/Billing Method: ...
- Key Stop-Loss Point: ... (If not met, can terminate/do not enter Phase 1)

Phase 1 (Delivery):
- Objective: ...
- Deliverables: ... (per frozen scope)
- Milestones and Payment: Advance payment/milestone payment/final payment (final payment ≤30%) + acceptance window + default pass for overdue

11) Phase 6: Minimum Supplementary Information Set (High-Leverage Questions)

• Associated dimension/risk item
• Why it will change the conclusion (1 sentence)

references/assessment-standard.md

Final Output Template (Unified)

# Requirement Risk Assessment Report

## [Overview]
Overall Decision: Accept/Negotiate Before Accepting/Pause/Reject
Feasibility: Accept/Negotiate Before Accepting/Pause/Reject
Value for Money: Worth Doing/Feasible but Not Worth Doing/Pause/N/A (Early Stop Due to Red Line)
Risk Mitigation (One Sentence): ...
Scenario Tags: ...
Overall Confidence Level: High/Medium/Low
Information Sufficiency: X/8 or -/8 (Not Evaluated)
Commitment Gate: G0/G1/G2/G3 (Reason Summary) | Strong Commitment Upper Limit: Only Pause/Only ROM/Milestone Lockable/Quote & Schedule Lockable

Reasons(1-3 items, must be auditable): ... (mapped to red lines/hard gates/conflicts/payment and acceptance/key dependencies)

## [Key Field Snapshot (Optional)]
| Key Field | Status(Clear/Implied/Missing/Conflicting) | Evidence Anchor([Direct Quote]/[Paraphrase]/[Gap]) | Key Assumption/Gap Remarks |
|----------|---------------------------|--------------------|------------------|
| Scope Boundary | ... | ... | ... |
| Deliverable List | ... | ... | ... |
| Acceptance Criteria | ... | ... | ... |
| Payment Structure | ... | ... | ... |
| Timeline/Milestones | ... | ... | ... |
| Key Dependencies | ... | ... | ... |
| Data & Compliance Points | ... | ... | ... |
| Decision/Acceptance Responsible Person | ... | ... | ... |

## [Red Line Check]
...

## [Pitfall Signal Scanning]
...

## [Conflict Detection]
- Hit Items: ... (Evidence Anchor)
- Impact: ...

## [Key Assumption List]
- Assumption 1: ... (How it will affect conclusion/score/terms if not valid)
- Assumption 2: ...

## [Verification Plan (Top 3-6, Optional but Highly Recommended)]
| Assumption/Uncertainty | Verification Method (POC/Spike/Sample Data/Interface Integration) | Pass Standard (Acceptable) | Responsible Party | Deadline |
|--------------|----------------------------------------|-------------------|--------|----------|
| ...          | ...                                    | ...               | ...    | ...      |

## [Scoring Overview]
...(including score caliber, triggered Score Capping and non-linear decision gates)

## [ROM Quote and Scheduling (Optional)]
Caliber: best/base/worst (range, no single-point commitment)
...

## [Phased Delivery/Work Split Suggestion (Optional but Recommended)]
Phase 0 (Verification/Discovery): ...
Phase 1 (Delivery): ...

## [Pre-mortem: Most Likely Failure Paths]
1. ...
2. ...
3. ...

## [Risk Register]
...

## [Negotiation Terms (Must Be Met)]
- [ ] Condition ... (Mapped to: Failure Path/Risk Item)
- [ ] ...

## [Execution Plan (Turn Risks Into Actions)]
- Scope and Freeze: ...
- Milestones and Acceptance: ...
- Dependencies and Liability: ...
- Technical Bottom Line: ...
- Stop-Loss Triggers: ...

## [Required Supplementary Information (By Priority)]
1. ...

Common Failure Modes (Must Avoid)

1. Total Score Covers Up Red Lines: Always execute Phase 1 + Appendix E non-linear gates
2. High Score With Missing Evidence: Execute Score Capping + low confidence level + questions
3. Only List Risks, No Actions: Each risk must be mapped to contract/process/technical controls
4. Inconsistent Conclusions: Conclusions must be consistent with gates, payment, acceptance, liability/risk ownership
5. Ignore Conflicts/Pitfall Signals: Hit items in Phase 0.25/0.5 must be reflected in scoring, confidence level, and conclusions
6. Fabricate Citations: Must use user's original text, if not found write

   [No Original Text Evidence Found]

7. Missed Assessment of Emergency Scenarios: Identified emergency requirement but did not execute emergency scoring logic
8. No Horizontal Analysis in Multi-requirement Comparison: Only assessed individually, no dimension comparison
9. False Precision in Quotes/Schedules: Provide single-point quotes/schedule locking with insufficient information; should output ROM range + assumptions + verification plan
10. Best/Worst Without Verification Measures: Scenario deduction without verification plan, leading to unactionable suggestions
11. No Work Split for High Uncertainty: Still commit to full delivery with many key assumptions/insufficient information; should output phased delivery suggestion of Phase 0→Phase 1 (see 10.6)
12. Security/Operations Left Blank: Did not supplement minimum security/operations baseline for public network/sensitive data scenarios, leading to launch accidents or liability out of control (Appendix P)

Trigger Scenarios

• User sends PRD/meeting minutes/chat records/emails
• User asks "Can we accept this requirement/should we initiate it/what are the risks/should we renew/should we do the modification"
• User says "Help me compare A and B"/"Which is better"/"Prioritization"
• User says "How was that previous project"/"Reference for similar projects"
• User says "Urgent"/"Emergency"/"Rush"/"Need it tomorrow"
• User requests "lock quotes/lock schedules/provide man-days" (need ROM range + assumptions + verification plan, split work if necessary)
• User mentions "large model/LLM/RAG/fine-tuning/Agent/generative", hoping to assess performance metrics, data authorization, cost and delivery risks
• When input is very short: Default to quick triage first, then suggest supplementing information to enter full assessment

Quick Usage Example

• "Help me see if we can accept this requirement"
• "What are the risks of this project"
• "Assess this PRD"
• "Is this outsourcing requirement reliable"
• "Can we initiate this project"
• "Help me compare these two requirements"
• "Which has higher priority"
• "How was that previous e-commerce project"
• "This is urgent, need it tomorrow"

Stress Test Scenarios (For Verifying "True Compliance with Rules")

1. Contract to Be Signed Later: User says "Do it first, sign the contract later". Expected: Hit pitfall signal; conclusion at most

   Negotiate Before Accepting

   or

   Pause

   ; must provide conditions such as "sign first/pay first/written confirmation".
2. Payment on Result + Unclear Acceptance: Expected: Trigger hard gate; conclusion cannot be

   Accept

   ; risk register and negotiation terms must cover payment and acceptance.
3. Emergency Insertion: User says "Launch tomorrow/need it today/insert this task". Expected: Identify emergency; output emergency adjustment score; clearly state insertion impact and emergency premium/channel fee/sacrifice items.
4. Illegal Use: User explicitly describes gray market/illegal use. Expected: Red line hit ⇒

   Reject

   , skip full scoring.
5. Multi-requirement Mixing With Unclear Boundaries: User mixes A/B/C in one paragraph with unclear boundaries. Expected: First request user to split into paragraphs or mark boundaries; prohibit "brainstorming boundaries" before scoring and ranking.
6. Historical Inquiry Without Materials: User asks "How did that previous project turn out". Expected: Mark

   [Historical Materials Missing, Cannot Conduct Factual Comparison]

   , only provide reusable patterns and question lists.
7. Information Sufficiency <=4/8: Expected: Default to prioritizing

   Pause (Reject Commitment Before Supplementing)

   , and output minimum supplementary information set (≤10 questions).
8. Request Total Score Without Evidence: User says "Give total score first, no citations". Expected: Reject fabrication, request materials or switch to quick triage and reduce confidence level.
9. Citation Restricted (No Pasting of Original Text): User says "Materials cannot be forwarded/do not quote original text". Expected: Use

   [Paraphrase]

   as evidence anchor according to Appendix M of

   references/assessment-standard.md

   , and reduce confidence level to no higher than "Medium"; prioritize

   Pause

   if key fields are missing.
10. Strong Commitment to AI/LLM Performance: User says "100% accuracy/no errors/performance must be like ChatGPT", but does not provide evaluation dataset or acceptance criteria. Expected: Enable Appendix O; conclusion at most

    Negotiate Before Accepting

    or

    Pause

    ; must provide "evaluation dataset/metrics/acceptance criteria + disclaimer + verification plan (POC)".
11. Lock Quotes/Schedules With Insufficient Information: User requests "Finalize quotes/schedules today", but information sufficiency < 6/8 or many key assumptions. Expected: Prohibit single-point commitment; output ROM range + key assumptions + verification plan, and suggest phased delivery (10.6).
12. Public Network/Sensitive Data Without Security/Operations Discussion: User hopes to launch quickly and involves login/permissions/personal information. Expected: Supplement minimum security/operations baseline according to Appendix P; gaps enter risk register and negotiation terms;

    Pause

    conclusion if necessary.
13. Insist on "Full Version First" But Refuse to Supplement Information: User says "Give full report first/fill all tables first, ask questions later", and information sufficiency <= 4/8 or key fields such as red line/payment/acceptance/scope are missing. Expected: Still deliver 1st round usable version according to

    0.121

    , and lock conclusion to

    Pause

    or at most

    Negotiate Before Accepting

    ; clearly state the boundary "Reject Commitment/Quote/Schedule Locking Before Information Is Supplemented".