tachi-risk-scoringlisted

# tachi-risk-scoring Quantitative risk scoring domain knowledge extracted from the tachi risk-scorer agent. This skill provides the reference tables, formulas, and assessment criteria that the risk-scorer uses to transform qualitative threat findings into data-backed risk scores. ## Domain Overview The risk scoring model assesses each threat finding on four dimensions: 1. **CVSS 3.1 Base Score** (weight: 0.35) -- Inherent vulnerability severity using standard CVSS 3.1 vector analysis, with AI-specific refinements for agentic and LLM threat categories 2. **Exploitability** (weight: 0.30) -- Practical attack feasibility across four sub-dimensions: known techniques, attack complexity, tooling availability, and skill level 3. **Scalability** (weight: 0.15) -- Blast radius and operational economics across four sub-dimensions: scriptability, target scope, resource requirements, and detection difficulty 4. **Reachability** (weight: 0.20) -- Architecture-aware attack surface exposure derived from trust zone position, zone name analysis, and architecture barrier adjustments Dimensional scores combine into a weighted composite score (0.0-10.0), which maps to a severity band (Critical/High/Medium/Low) that drives governance fields (SLA, disposition, review date). ## AIVSS Relationship Tachi's four-dimensional composite scoring model **diverges** from OWASP AIVSS at the present time. AIVSS v0.8 (the latest published version, with its public review period opening 2026-04-16) builds