Vibe Index
🎯

risk-based-testing

🎯Skill

from proffesor-for-testing/agentic-qe

VibeIndex|
What it does

Prioritizes testing efforts by systematically assessing and ranking risks based on probability and potential impact across software components.

risk-based-testing

Installation

Install skill:
npx skills add https://github.com/proffesor-for-testing/agentic-qe --skill risk-based-testing
4
Last UpdatedJan 26, 2026
View on GitHubBack to Skills

Skill Details

SKILL.md

"Focus testing effort on highest-risk areas using risk assessment and prioritization. Use when planning test strategy, allocating testing resources, or making coverage decisions."

Overview

# Risk-Based Testing

When planning tests or allocating testing resources:

  1. IDENTIFY risks: What can go wrong? What's the impact? What's the likelihood?
  2. CALCULATE risk: Risk = Probability Γ— Impact (use 1-5 scale for each)
  3. PRIORITIZE: Critical (20+) β†’ High (12-19) β†’ Medium (6-11) β†’ Low (1-5)
  4. ALLOCATE effort: 60% critical, 25% high, 10% medium, 5% low
  5. REASSESS continuously: New info, changes, production incidents

Quick Risk Assessment:

  • Probability factors: Complexity, change frequency, developer experience, technical debt
  • Impact factors: User count, revenue, safety, reputation, regulatory
  • Dynamic adjustment: Production bugs increase risk; stable code decreases

Critical Success Factors:

  • Test where bugs hurt most, not everywhere equally
  • Risk is dynamic - reassess with new information
  • Production data informs risk (shift-right feeds shift-left)

Quick Reference Card

When to Use

  • Planning sprint/release test strategy
  • Deciding what to automate first
  • Allocating limited testing time
  • Justifying test coverage decisions

Risk Calculation

```

Risk Score = Probability (1-5) Γ— Impact (1-5)

```

| Score | Priority | Effort | Action |

|-------|----------|--------|--------|

| 20-25 | Critical | 60% | Comprehensive testing, multiple techniques |

| 12-19 | High | 25% | Thorough testing, automation priority |

| 6-11 | Medium | 10% | Standard testing, basic automation |

| 1-5 | Low | 5% | Smoke test, exploratory only |

Probability Factors

| Factor | Low (1) | Medium (3) | High (5) |

|--------|---------|------------|----------|

| Complexity | Simple CRUD | Business logic | Algorithms, integrations |

| Change Rate | Stable 6+ months | Monthly changes | Weekly/daily changes |

| Developer Experience | Senior, domain expert | Mid-level | Junior, new to codebase |

| Technical Debt | Clean code | Some debt | Legacy, no tests |

Impact Factors

| Factor | Low (1) | Medium (3) | High (5) |

|--------|---------|------------|----------|

| Users Affected | Admin only | Department | All users |

| Revenue | None | Indirect | Direct (checkout) |

| Safety | Convenience | Data loss | Physical harm |

| Reputation | Internal | Industry | Public scandal |

---

Risk Assessment Workflow

Step 1: List Features/Components

```

Feature | Probability | Impact | Risk | Priority

--------|-------------|--------|------|----------

Checkout | 4 | 5 | 20 | Critical

User Auth | 3 | 5 | 15 | High

Admin Panel | 2 | 2 | 4 | Low

Search | 3 | 3 | 9 | Medium

```

Step 2: Apply Test Depth

```typescript

await Task("Risk-Based Test Generation", {

critical: {

features: ['checkout', 'payment'],

depth: 'comprehensive',

techniques: ['unit', 'integration', 'e2e', 'performance', 'security']

},

high: {

features: ['auth', 'user-profile'],

depth: 'thorough',

techniques: ['unit', 'integration', 'e2e']

},

medium: {

features: ['search', 'notifications'],

depth: 'standard',

techniques: ['unit', 'integration']

},

low: {

features: ['admin-panel', 'settings'],

depth: 'smoke',

techniques: ['smoke-tests']

}

}, "qe-test-generator");

```

Step 3: Reassess Dynamically

```typescript

// Production incident increases risk

await Task("Update Risk Score", {

feature: 'search',

event: 'production-incident',

previousRisk: 9,

newProbability: 5, // Increased due to incident

newRisk: 15 // Now HIGH priority

}, "qe-regression-risk-analyzer");

```

---

ML-Enhanced Risk Analysis

```typescript

// Agent predicts risk using historical data

const riskAnalysis = await Task("ML Risk Analysis", {

codeChanges: changedFiles,

historicalBugs: bugDatabase,

prediction: {

model: 'gradient-boosting',

factors: ['complexity', 'change-frequency', 'author-experience', 'file-age']

}

}, "qe-regression-risk-analyzer");

// Output: 95% accuracy risk prediction per file

```

---

Agent Coordination Hints

Memory Namespace

```

aqe/risk-based/

β”œβ”€β”€ risk-scores/* - Current risk assessments

β”œβ”€β”€ historical-bugs/* - Bug patterns by area

β”œβ”€β”€ production-data/* - Incident data for risk

└── coverage-map/* - Test depth by risk level

```

Fleet Coordination

```typescript

const riskFleet = await FleetManager.coordinate({

strategy: 'risk-based-testing',

agents: [

'qe-regression-risk-analyzer', // Risk scoring

'qe-test-generator', // Risk-appropriate tests

'qe-production-intelligence', // Production feedback

'qe-quality-gate' // Risk-based gates

],

topology: 'sequential'

});

```

---

Integration with CI/CD

```yaml

# Risk-based test selection in pipeline

  • name: Risk Analysis

run: aqe risk-analyze --changes ${{ github.event.pull_request.files }}

  • name: Run Critical Tests

if: risk.critical > 0

run: npm run test:critical

  • name: Run High Tests

if: risk.high > 0

run: npm run test:high

  • name: Skip Low Risk

if: risk.low_only

run: npm run test:smoke

```

---

Related Skills

  • [agentic-quality-engineering](../agentic-quality-engineering/) - Risk-aware agents
  • [context-driven-testing](../context-driven-testing/) - Context affects risk
  • [regression-testing](../regression-testing/) - Risk-based regression selection
  • [shift-right-testing](../shift-right-testing/) - Production informs risk

---

Remember

Risk = Probability Γ— Impact. Test where bugs hurt most. Critical gets 60%, low gets 5%. Risk is dynamic - reassess with new info. Production incidents raise risk scores.

With Agents: Agents calculate risk using ML on historical data, select risk-appropriate tests, and adjust scores from production feedback. Use agents to maintain dynamic risk profiles at scale.

More from this repository10

🎯
n8n-security-testing🎯Skill

Automates security vulnerability scanning and penetration testing for n8n workflows, identifying potential risks and misconfigurations.

🎯
database-testing🎯Skill

Validates database schemas, tests data integrity, verifies migrations, checks transaction isolation, and measures query performance.

🎯
brutal-honesty-review🎯Skill

Delivers unvarnished technical criticism with surgical precision, combining expert-level BS detection and zero-tolerance for low-quality work.

🎯
n8n-expression-testing🎯Skill

n8n-expression-testing skill from proffesor-for-testing/agentic-qe

🎯
n8n-trigger-testing-strategies🎯Skill

Validates n8n workflow triggers by comprehensively testing webhook, schedule, polling, and event-driven mechanisms with robust payload and authentication checks.

🎯
n8n-integration-testing-patterns🎯Skill

Validates n8n integration connectivity, authentication flows, and error handling across external service APIs through comprehensive testing patterns.

🎯
six-thinking-hats🎯Skill

Applies Six Thinking Hats methodology to systematically analyze software testing challenges from multiple perspectives, enhancing decision-making and test strategy development.

🎯
test-environment-management🎯Skill

Provisions and manages consistent, cost-effective test environments using Docker, Kubernetes, and infrastructure as code for reliable software testing.

🎯
shift-left-testing🎯Skill

Accelerates software quality by moving testing earlier in development, reducing defect costs through proactive validation, automated testing, and continuous improvement practices.

🎯
context-driven-testing🎯Skill

context-driven-testing skill from proffesor-for-testing/agentic-qe