Pre-mortem review is a decades-old planning technique: assume failure, work backward, and surface risks early before you sink cost into the wrong design. Gary Klein described it for teams; in product engineering circles the tiger / paper tiger / elephant vocabulary—often associated with Shreyas Doshi’s writing on product risk—is a compact way to sort real threats from noise and taboo topics.
For coding agents, the hard part is not the metaphor—it is discipline. The premortem skill in parcadei/continuous-claude-v3 bakes in verification rules so the model does not treat every suspicious line as a crisis.
Large language models are good at sounding alarmed. Without guardrails, an agent can:
Flag a hardcoded path without checking for an exists() guard three lines later.
Call something “missing error handling” without tracing the call path.
Confuse out-of-scope work with an implementation bug.
The premortem skill encodes an explicit anti-pattern list and a verification checklist (context ±20 lines, fallback branches, scope, dev-only code). If a check is unknown, the instruction set tells the model not to promote the finding to a tiger. That is harness behavior—policy at the tooling layer, not vibes in a one-off chat.
Packaged skills are markdown instructions loaded on trigger. Premortem’s value is explicit prohibitions: no tigers without mitigation_checked, no scope-confused findings, no keyword theater.
The two-pass workflow (how to read the SKILL.md)
Pass 1 — candidates: Collect potential_risks using normal scanning (pattern match, intuition, diff review).
Pass 2 — verification: For each candidate, decide tiger · paper_tiger · false_alarm.
True tigers require a filled mitigation_checked field: what mitigations you looked for and did not find. If you cannot write that line with concrete evidence, the finding stays a candidate or becomes a false alarm.
Paper tigers get the opposite treatment: cite where the mitigation lives (file:lines).
Elephants capture the awkward, under-discussed risks—often process or political, not a missing try/catch.
Slash-style usage (from the upstream skill)
The packaged workflow expects intentful depth:
/premortem — auto-detect context; offer quick vs deep.
/premortem quick — plans, PRs, localized edits.
/premortem deep — before a big implementation push.
/premortem <file> — focus a plan or module.
Exact slash wiring depends on your agent host (Claude Code, Cursor, etc.); the value is the checklist + output schema, not the literal command prefix.
Example: tiger vs paper tiger
Finding (candidate)
After verification
Label
“SQL injection in search query”
Parameterized query on line 42; candidate missed prepare()
false_alarm
“Missing rate limit on public API”
No middleware in route file; confirmed open
tiger
“Hardcoded API key in config”
Key is $ENV reference with fallback only in dev
paper_tiger
“Team never tested rollback”
Process gap; no runbook in repo
elephant
The skill forces the model to write evidence for each promotion—not just restate the fear.
YAML output shape (deep mode)
Deep mode expects structured output including potential_risks, verified tigers, paper_tigers, elephants, and checklist_gaps. A simplified illustration:
yaml
depth:deeptigers:-id:rate-limit-public-apisummary:PublicPOST/searchhasnoratelimitingmitigation_checked:"Searched middleware/, routes/search.ts — no throttle or token bucket"evidence:"routes/search.ts:18-44"paper_tigers:-id:hardcoded-keysummary:Configlookedlikeembeddedsecretmitigation:"config.ts:12 uses process.env.API_KEY with dev-only default"elephants:-id:no-rollback-drillsummary:NodocumentedrollbackforDBmigrationv14checklist_gaps:-"No integration test for search under load"
Use this as PR commentary or attach to RFCs—humans skim tigers first, then elephants for process fixes.
When to run quick vs deep
Trigger
Mode
Why
Small PR (< 200 lines)
quick
Catch obvious regressions without blocking velocity
New public API route
deep
Security and abuse paths need full checklist
Pre-merge of large refactor
deep
Integration and rollback risks dominate
Weekly planning doc
quick
Surface elephants early in the cycle
Before production flag flip
deep
Treat like a launch review
Running deep on every typo fix creates alert fatigue—the skill’s depth flags exist to prevent that.
CI and PR integration
Install the skill in repo .claude/skills/ or via skills-lock.json.
Document in CONTRIBUTING.md: “Run /premortem quick on PRs touching api/ or auth/.”
Optional GitHub Action — not built into the skill; you can require a pasted YAML summary in PR template for high-risk paths.
For teams already using Claude Code hooks, consider a post-diff hook that nudges the agent to run premortem when labels include risk:high.
Anti-patterns the skill is meant to prevent
Anti-pattern
Without skill
With premortem skill
Keyword alarm
“SQL” in filename → critical finding
Verify parameterized queries first
Scope creep review
Flags missing feature as bug
Checks issue scope vs PR diff
Theater
Long scary list, no evidence
YAML with mitigation_checked
Missing process risks
Only code comments
Elephants section for taboo topics
Measuring whether premortem helps
Track over a sprint: false positive rate, missed defects, and minutes per PR review. If false positives stay high, tighten skill description or restrict deep mode to risky paths.
For team repos, pair installs with a committed skills-lock.json so everyone gets the same instruction pack revision—see our skills-lock.json primer.
Relationship to the continuous-claude-v3 bundle
premortem is one skill in parcadei/continuous-claude-v3—a larger repo of Claude Code workflows. You can install only premortem or the full bundle. Browse sibling skills on explainx.ai /skills before duplicating overlapping risk checklists in your own SKILL.md files.
Origins: Klein pre-mortem vs agent harness
Layer
What it provides
Klein pre-mortem (HBR)
Team ritual: imagine failure, list reasons
Shreyas Doshi framing
Tigers / paper tigers / elephants vocabulary
premortem skill
Executable checklist + YAML schema for coding agents
Your CI/PR policy
When the skill must run and who reads output
The skill does not replace security scanners or formal threat modeling—it reduces unverified alarmism in agent-assisted reviews.
Gary Klein pre-mortem (HBR) in practice
Klein’s workshop format: gather the team, assume the project already failed, each person writes why, cluster themes, then prioritize preventable causes before committing budget. The agent skill compresses that ritual into PR-sized reviews with machine-readable YAML—useful when you cannot convene six engineers for every diff.
Tigers need action before ship: missing auth, data loss paths, irreversible ops without confirmation.
Paper tigers look scary until you read the guard: env-only defaults, feature flags, dead code paths.
Elephants are the meeting nobody wants: “We have no rollback owner,” “Legal never saw this data flow,” “On-call has not been trained.”
The skill’s YAML schema exists so agents sort findings into these buckets with evidence, not so teams can ignore elephants because the diff looked clean.
Bottom line: Install premortem when agent reviews feel like alarmist lint—the skill trades volume for verified tigers and explicit elephants. Pin versions, audit the bundle, run deep before risky merges.
Commit skills-lock.json, add a PR template checkbox for high-risk paths, and review the explainx.ai listing for copy-paste metadata and related skills in the same repo.
Shreyas Doshi’s tigers / paper tigers / elephants vocabulary spread in product Twitter because it names failure modes meetings skip: real blockers, false alarms, and taboo risks. Mapping that vocabulary onto YAML makes it legible to eng managers who will never read raw diffs.
Summary
The premortem skill turns Klein’s pre-mortem into evidence-based agent review: two passes, YAML output, quick/deep modes, install via npx skills add. Use it to cut false-positive security theater in AI-assisted PRs—pin with skills-lock.json and run deep before high-risk merges.
The Kaggle Agent Skills whitepaper explains why skill libraries need evaluation under co-load—premortem is one skill; do not install thirty others you never trigger.
Use formal threat modeling for new payment flows, pen tests before major launches, and dependency scanning on every merge. Premortem complements those practices—it does not replace compliance sign-off, legal review, or human code owners. Treat YAML output as input to discussion, not an automatic merge blocker unless your policy explicitly says so.
Gary Klein’s original pre-mortem paper emphasized psychological safety: people must feel able to name failure modes before sunk cost kicks in. Agent-assisted premortem can surface elephants earlier if reviewers treat YAML as a conversation starter in standup or launch review—not a checkbox to dismiss.
Confirm CLI flags against vercel-labs/skills and upstream SKILL.md before production adoption. Updated June 2026. Browse /skills for verified explainx.ai skill listings. Commit skills-lock.json in every repo so engineers share the same premortem revision.
Summary
The premortem skill encodes verify-before-flag discipline for coding agents: collect candidates, demand mitigation_checked evidence, and output YAML your team can paste into PRs. Install from explainx.ai, pin with skills-lock.json, and run deep mode before high-risk merges.
Skill contents and CLI flags change over time. Confirm behavior against parcadei/continuous-claude-v3 and your installed npx skills version before relying on this in production workflows.