Pre-mortem review is a decades-old planning technique: assume failure, work backward, and surface risks early before you sink cost into the wrong design. Gary Klein described it for teams; in product engineering circles the tiger / paper tiger / elephant vocabulary—often associated with Shreyas Doshi’s writing on product risk—is a compact way to sort real threats from noise and taboo topics.
For coding agents, the hard part is not the metaphor—it is discipline. The premortem skill in parcadei/continuous-claude-v3 bakes in verification rules so the model does not treat every suspicious line as a crisis.
Canonical registry listing: premortem — ExplainX.
TL;DR
| Question | Short answer |
|---|---|
| What is it? | An agent skill that runs a structured pre-mortem with quick and deep depths and YAML-shaped outputs. |
| Why it matters | Forces two-pass reasoning: candidates → verified risks with mitigation_checked evidence. |
| Install | npx skills add https://github.com/parcadei/continuous-claude-v3 --skill premortem |
| Browse | explainx.ai/skills/.../premortem |
| Best for | PRs, RFCs, before large refactors, and any workflow where false-positive “security theater” wastes time. |
Complete AI Builder Bootcamp
Claude, Python automation & full-stack — 12 live sessions with Yash Thakker.
The Complete AI Builder Bootcamp is the best AI development course for learning Claude AI, prompt engineering, Python automation, and full-stack web development. This intensive 6-week live bootcamp teaches you how to build AI-powered applications using Claude Projects, Claude Artifacts, Claude Code, and the complete Claude ecosystem. You'll master prompt engineering techniques, learn to create custom Claude connectors and MCP integrations, build Python automation workflows, develop full-stack websites with AI assistance, and create AI marketing agents.
The bootcamp includes 12 live Zoom sessions with Yash Thakker, founder of AISOLO Technologies and instructor to 350,000+ students. You'll build 8+ portfolio projects including AI playbooks, full-stack note-taking applications, Python automation scripts, marketing agents, and personal portfolio websites. The curriculum covers AI fundamentals, Claude Projects and Artifacts, Claude Co-work, Claude plugins and skills, Claude Code for Python development, full-stack development, AI marketing, and capstone projects.
Students receive 1-year access to all recordings, permanent Discord community access, a certificate of completion, and personalized career guidance. All enrollments include a 7-day money-back guarantee. This is the most comprehensive Claude AI bootcamp available, taking students from zero AI knowledge to expert AI builder in 6 weeks.
Why “verify before you flag” belongs in a skill
Large language models are good at sounding alarmed. Without guardrails, an agent can:
- Flag a hardcoded path without checking for an
exists()guard three lines later. - Call something “missing error handling” without tracing the call path.
- Confuse out-of-scope work with an implementation bug.
The premortem skill encodes an explicit anti-pattern list and a verification checklist (context ±20 lines, fallback branches, scope, dev-only code). If a check is unknown, the instruction set tells the model not to promote the finding to a tiger. That is harness behavior—policy at the tooling layer, not vibes in a one-off chat.
Packaged skills are markdown instructions loaded on trigger. Premortem’s value is explicit prohibitions: no tigers without mitigation_checked, no scope-confused findings, no keyword theater.
The two-pass workflow (how to read the SKILL.md)
- Pass 1 — candidates: Collect
potential_risksusing normal scanning (pattern match, intuition, diff review). - Pass 2 — verification: For each candidate, decide
tiger·paper_tiger·false_alarm.
True tigers require a filled mitigation_checked field: what mitigations you looked for and did not find. If you cannot write that line with concrete evidence, the finding stays a candidate or becomes a false alarm.
Paper tigers get the opposite treatment: cite where the mitigation lives (file:lines).
Elephants capture the awkward, under-discussed risks—often process or political, not a missing try/catch.
Slash-style usage (from the upstream skill)
The packaged workflow expects intentful depth:
/premortem— auto-detect context; offer quick vs deep./premortem quick— plans, PRs, localized edits./premortem deep— before a big implementation push./premortem <file>— focus a plan or module.
Exact slash wiring depends on your agent host (Claude Code, Cursor, etc.); the value is the checklist + output schema, not the literal command prefix.
Example: tiger vs paper tiger
| Finding (candidate) | After verification | Label |
|---|---|---|
| “SQL injection in search query” | Parameterized query on line 42; candidate missed prepare() | false_alarm |
| “Missing rate limit on public API” | No middleware in route file; confirmed open | tiger |
| “Hardcoded API key in config” | Key is $ENV reference with fallback only in dev | paper_tiger |
| “Team never tested rollback” | Process gap; no runbook in repo | elephant |
The skill forces the model to write evidence for each promotion—not just restate the fear.
YAML output shape (deep mode)
Deep mode expects structured output including potential_risks, verified tigers, paper_tigers, elephants, and checklist_gaps. A simplified illustration:
depth: deep
tigers:
- id: rate-limit-public-api
summary: Public POST /search has no rate limiting
mitigation_checked: "Searched middleware/, routes/search.ts — no throttle or token bucket"
evidence: "routes/search.ts:18-44"
paper_tigers:
- id: hardcoded-key
summary: Config looked like embedded secret
mitigation: "config.ts:12 uses process.env.API_KEY with dev-only default"
elephants:
- id: no-rollback-drill
summary: No documented rollback for DB migration v14
checklist_gaps:
- "No integration test for search under load"
Use this as PR commentary or attach to RFCs—humans skim tigers first, then elephants for process fixes.
When to run quick vs deep
| Trigger | Mode | Why |
|---|---|---|
| Small PR (< 200 lines) | quick | Catch obvious regressions without blocking velocity |
| New public API route | deep | Security and abuse paths need full checklist |
| Pre-merge of large refactor | deep | Integration and rollback risks dominate |
| Weekly planning doc | quick | Surface elephants early in the cycle |
| Before production flag flip | deep | Treat like a launch review |
Running deep on every typo fix creates alert fatigue—the skill’s depth flags exist to prevent that.
CI and PR integration
- Install the skill in repo
.claude/skills/or viaskills-lock.json. - Document in
CONTRIBUTING.md: “Run/premortem quickon PRs touchingapi/orauth/.” - Optional GitHub Action — not built into the skill; you can require a pasted YAML summary in PR template for high-risk paths.
- Pair with agent skills security review before trusting third-party SKILL.md files in production repos.
For teams already using Claude Code hooks, consider a post-diff hook that nudges the agent to run premortem when labels include risk:high.
Anti-patterns the skill is meant to prevent
| Anti-pattern | Without skill | With premortem skill |
|---|---|---|
| Keyword alarm | “SQL” in filename → critical finding | Verify parameterized queries first |
| Scope creep review | Flags missing feature as bug | Checks issue scope vs PR diff |
| Theater | Long scary list, no evidence | YAML with mitigation_checked |
| Missing process risks | Only code comments | Elephants section for taboo topics |
Measuring whether premortem helps
Track over a sprint: false positive rate, missed defects, and minutes per PR review. If false positives stay high, tighten skill description or restrict deep mode to risky paths.
Install and pin
From the ExplainX listing:
npx skills add https://github.com/parcadei/continuous-claude-v3 --skill premortem
For team repos, pair installs with a committed skills-lock.json so everyone gets the same instruction pack revision—see our skills-lock.json primer.
Relationship to the continuous-claude-v3 bundle
premortem is one skill in parcadei/continuous-claude-v3—a larger repo of Claude Code workflows. You can install only premortem or the full bundle. Browse sibling skills on ExplainX /skills before duplicating overlapping risk checklists in your own SKILL.md files.
Origins: Klein pre-mortem vs agent harness
| Layer | What it provides |
|---|---|
| Klein pre-mortem (HBR) | Team ritual: imagine failure, list reasons |
| Shreyas Doshi framing | Tigers / paper tigers / elephants vocabulary |
| premortem skill | Executable checklist + YAML schema for coding agents |
| Your CI/PR policy | When the skill must run and who reads output |
The skill does not replace security scanners or formal threat modeling—it reduces unverified alarmism in agent-assisted reviews.
Gary Klein pre-mortem (HBR) in practice
Klein’s workshop format: gather the team, assume the project already failed, each person writes why, cluster themes, then prioritize preventable causes before committing budget. The agent skill compresses that ritual into PR-sized reviews with machine-readable YAML—useful when you cannot convene six engineers for every diff.
Browse sibling skills in continuous-claude-v3 but install only what you will trigger—co-loaded skills fail in production when libraries grow unbounded.
Field guide: tigers, paper tigers, elephants
Tigers need action before ship: missing auth, data loss paths, irreversible ops without confirmation.
Paper tigers look scary until you read the guard: env-only defaults, feature flags, dead code paths.
Elephants are the meeting nobody wants: “We have no rollback owner,” “Legal never saw this data flow,” “On-call has not been trained.”
The skill’s YAML schema exists so agents sort findings into these buckets with evidence, not so teams can ignore elephants because the diff looked clean.
Bottom line: Install premortem when agent reviews feel like alarmist lint—the skill trades volume for verified tigers and explicit elephants. Pin versions, audit the bundle, run deep before risky merges.
Quick install recap
npx skills add https://github.com/parcadei/continuous-claude-v3 --skill premortem
Commit skills-lock.json, add a PR template checkbox for high-risk paths, and review the ExplainX listing for copy-paste metadata and related skills in the same repo.
Shreyas Doshi’s tigers / paper tigers / elephants vocabulary spread in product Twitter because it names failure modes meetings skip: real blockers, false alarms, and taboo risks. Mapping that vocabulary onto YAML makes it legible to eng managers who will never read raw diffs.
Summary
The premortem skill turns Klein’s pre-mortem into evidence-based agent review: two passes, YAML output, quick/deep modes, install via npx skills add. Use it to cut false-positive security theater in AI-assisted PRs—pin with skills-lock.json and run deep before high-risk merges.
Pair with What are agent skills? for packaging basics and agent skills security before installing community skills alongside premortem.
The Kaggle Agent Skills whitepaper explains why skill libraries need evaluation under co-load—premortem is one skill; do not install thirty others you never trigger.
Install command: npx skills add https://github.com/parcadei/continuous-claude-v3 --skill premortem · Registry: ExplainX premortem
When premortem is not enough
Use formal threat modeling for new payment flows, pen tests before major launches, and dependency scanning on every merge. Premortem complements those practices—it does not replace compliance sign-off, legal review, or human code owners. Treat YAML output as input to discussion, not an automatic merge blocker unless your policy explicitly says so.
Gary Klein’s original pre-mortem paper emphasized psychological safety: people must feel able to name failure modes before sunk cost kicks in. Agent-assisted premortem can surface elephants earlier if reviewers treat YAML as a conversation starter in standup or launch review—not a checkbox to dismiss.
Confirm CLI flags against vercel-labs/skills and upstream SKILL.md before production adoption. Updated June 2026. Browse /skills for verified ExplainX skill listings. Commit skills-lock.json in every repo so engineers share the same premortem revision.
Summary
The premortem skill encodes verify-before-flag discipline for coding agents: collect candidates, demand mitigation_checked evidence, and output YAML your team can paste into PRs. Install from ExplainX, pin with skills-lock.json, and run deep mode before high-risk merges.
Read next: What are agent skills? · Kaggle Agent Skills whitepaper · Premortem skill listing
Related on ExplainX
- What are agent skills? — mental model and packaging
- skills-lock.json: reproducible agent skills — locking installs
- Agent skills security — review before you trust new skills
- Context engineering and clean prompts — structured context patterns
Sources
- Registry: premortem — explainx.ai
- Upstream repo: github.com/parcadei/continuous-claude-v3
- Skills CLI (ecosystem): github.com/vercel-labs/skills
- Pre-mortem technique: Gary Klein — Performing a Project Premortem (HBR)
Skill contents and CLI flags change over time. Confirm behavior against parcadei/continuous-claude-v3 and your installed npx skills version before relying on this in production workflows.