blast-radiuslisted

# Blast Radius Use this skill to decide how hard to look at a diff before accepting it. Line count does not equal risk: a two-line change to auth or a quietly deleted test is far more dangerous than a large but mechanical refactor. This skill surfaces the high-reach signals so the review effort matches the actual blast radius. ## When to use - After an agent (or you) produces a diff, before merging. - As a CI or pre-merge gate, especially on unattended or batch runs. ## Workflow 1. Score the diff and show the evidence: ```bash git diff | python -m blastradius score # or a saved diff: python -m blastradius score change.diff ``` 2. Report the severity, the scope, and every high-reach signal. Pay special attention to: secrets committed, authentication touched, tests deleted, CI/CD or migrations changed. Any of these warrants a careful, line-by-line review. 3. For a critical or high score, do not rubber-stamp. Verify the change does what was asked and that nothing out of scope changed. Removing or weakening a test to make a build pass is a specific anti-pattern this catches. 4. To gate programmatically, use the receipt: ```bash git diff | python -m blastradius score --receipt | python -m pco verify - ``` A quarantined verdict means the diff is high blast radius and should not merge without explicit human sign-off. ## Honesty boundary The signals are transparent rules, not a judgment that the change is wrong. A high blast radius mea