risk-management-specialist
by alirezarezvanirisk-management-specialist helps AI agents draft ISO 14971:2019 medical device risk work products, including plans, hazard analyses, FMEA tables, risk controls, residual risk summaries, and post-production review inputs. Includes references, templates, and helper scripts for Regulatory Affairs and Quality workflows.
This skill scores 84/100, making it a solid listing candidate for directory users who need an agent to support ISO 14971-style medical device risk management. The repository evidence shows enough workflow detail, templates, references, and executable helper scripts for an agent to do more than answer from a generic prompt, though installation guidance and compliance caveats should be clearer.
- Strong triggerability: the frontmatter explicitly names ISO 14971, FMEA, fault tree analysis, hazard identification, risk controls, residual risk, risk acceptability, and post-market risk triggers.
- Substantial operational content: SKILL.md includes lifecycle workflows for planning, risk analysis, evaluation, controls, post-production risk management, templates, decision frameworks, tools, and references.
- Useful supporting assets: three reference documents provide ISO 14971 implementation guidance, risk-analysis method selection, and assessment templates, while two scripts support FMEA analysis and risk-matrix/RPN calculations.
- No install command or README is present in the skill path, so users may need to infer installation from the parent repository conventions.
- Because it addresses regulated medical-device risk management, outputs should be treated as workflow/documentation support rather than a substitute for qualified regulatory review.
Overview of risk-management-specialist skill
What risk-management-specialist is for
The risk-management-specialist skill helps an AI agent produce ISO 14971:2019-oriented medical device risk management work products: risk management plans, hazard analyses, FMEA tables, risk evaluation logic, risk control reasoning, residual risk summaries, and post-production risk review inputs. It is best suited for Regulatory Affairs, Quality, clinical engineering, software safety, and product teams that need structured risk documentation rather than a generic brainstorming list.
Best-fit users and decisions supported
Use this skill when you need to decide how to structure a medical device risk file, choose between analysis methods, define probability and severity criteria, or turn design information into traceable hazards, hazardous situations, harms, controls, and residual risks. It is especially useful as a risk-management-specialist for Regulatory Affairs assistant when preparing draft content for ISO 14971-aligned design history files, technical documentation, or audit-ready review packages.
What makes it different from a normal prompt
The repository includes a substantial SKILL.md, ISO 14971 implementation guidance, method selection references, reusable assessment templates, and two Python helper scripts. That means the risk-management-specialist skill can guide the agent through planning, analysis, evaluation, control, residual risk, reporting, and production/post-production activities with less guesswork than a one-off prompt.
Main adoption cautions
This skill does not replace qualified risk management review, clinical judgment, usability engineering, cybersecurity analysis, or formal regulatory sign-off. Its scoring examples and templates must be aligned with your company’s risk acceptability policy, device classification, intended use, market, and quality management system before use in controlled documentation.
How to Use risk-management-specialist skill
risk-management-specialist install and files to inspect first
Install the skill from the repository path using your skill manager, for example:
npx skills add alirezarezvani/claude-skills --skill risk-management-specialist
After install, read these files in order:
SKILL.mdfor the main lifecycle workflow and trigger scope.references/iso14971-implementation-guide.mdfor plan, report, residual risk, and post-production structure.references/risk-analysis-methods.mdfor choosing FMEA, FTA, HAZOP, use error analysis, or software hazard analysis.references/risk-assessment-templates.mdfor worksheet formats.scripts/risk_matrix_calculator.pyandscripts/fmea_analyzer.pyif you want repeatable scoring support.
Inputs the skill needs for reliable output
The risk-management-specialist usage pattern works best when you provide the device context, not just the document name. Include device type, intended use, patient/user population, environment of use, lifecycle phase, relevant standards, risk acceptability criteria, known hazards, architecture or process steps, existing controls, and the output format you need.
Weak prompt:
Create a risk analysis for our device.
Stronger prompt:
Use
risk-management-specialistto draft an ISO 14971 hazard analysis for a Class II infusion pump concept. Intended use: controlled IV medication delivery in hospital wards. Users: trained nurses. Focus on software-controlled flow rate, occlusion detection, battery operation, alarm handling, and use errors. Use a 5x5 probability/severity matrix, identify hazardous situations and harms, propose risk controls, and separate initial from residual risk.
Practical workflow for a complete risk package
Start with a risk management plan before asking for detailed analysis. Then ask the skill to identify hazards by subsystem or process step, select the best method from the method guide, populate a hazard analysis or FMEA worksheet, evaluate risk acceptability, propose controls, and summarize residual risk. For mature products, add production and post-production inputs such as complaints, CAPA signals, field safety notices, nonconformities, usability feedback, and trend data.
A useful sequence is:
- Draft risk management plan scope and criteria.
- Build preliminary hazard list.
- Run FMEA or hazard analysis by subsystem.
- Review unacceptable and high residual risks.
- Add verification evidence placeholders.
- Generate risk management report summary.
Using the helper scripts
Use scripts/risk_matrix_calculator.py when you need consistent probability/severity mapping or quick FMEA RPN calculations. Use scripts/fmea_analyzer.py for structured FMEA inputs, critical item identification, and recommendation generation. Treat script output as calculation support, not as final regulatory rationale; the rationale still needs expert review and traceability to your controlled criteria.
risk-management-specialist skill FAQ
Is risk-management-specialist suitable for beginners?
Yes, if the user understands the basics of medical device development and can provide device context. The templates and method guide make the workflow easier to follow, but beginners should not rely on the skill to define acceptability policy, clinical severity, or regulatory strategy without expert supervision.
How does this compare with ordinary AI prompting?
A normal prompt may produce a plausible risk table, but it often misses lifecycle structure, risk acceptability criteria, residual risk reasoning, verification links, and post-production feedback loops. The risk-management-specialist skill is more useful when you need repeatable ISO 14971-style outputs and a repository-backed workflow.
When should I not use this skill?
Do not use it as the sole basis for final approved risk files, benefit-risk conclusions, clinical safety claims, cybersecurity risk management, or market-specific regulatory submissions. Also avoid using it when you cannot provide enough device information; generic inputs usually create generic hazards that are difficult to defend in an audit.
Does it fit Regulatory Affairs workflows?
Yes. The risk-management-specialist for Regulatory Affairs use case is strong when RA teams need to review consistency between risk management documentation, intended use, labeling, PMS/PMCF inputs, technical documentation, and standards claims. It is less useful for purely legal interpretation or jurisdiction-specific submission strategy.
How to Improve risk-management-specialist skill
Improve risk-management-specialist outputs with better context
The fastest way to improve risk-management-specialist results is to provide controlled definitions up front: your severity scale, probability scale, unacceptable risk zones, device classification, product boundaries, assumptions, and known harms. If your organization uses custom criteria, paste them into the prompt and ask the skill to conform to them instead of using default examples.
Common failure modes to check
Review outputs for over-broad hazards, missing hazardous situations, controls that are really detection activities, residual risk scores that do not follow your matrix, and weak verification links. Also check whether the skill separates risk control implementation from verification of effectiveness, because auditors often expect both.
Iteration prompts that raise quality
After the first draft, ask targeted follow-ups:
- “Find missing hazardous situations for normal use, reasonably foreseeable misuse, and fault conditions.”
- “Challenge the residual risk ratings against the stated acceptability matrix.”
- “Convert these controls into inherently safe design, protective measure, and information-for-safety categories.”
- “Identify which risks need benefit-risk analysis or management review.”
- “Add post-production signals that would trigger risk file updates.”
Repository-level improvements worth adding
If you maintain a local fork, consider adding company-specific risk matrices, device-family examples, cybersecurity cross-references, usability engineering links to IEC 62366-1, and templates with traceability columns for requirements, verification, labeling, complaints, and CAPA. These additions make the risk-management-specialist guide more defensible for real quality system use while preserving the reusable ISO 14971 workflow.
