Skills postmortem-writing
📋

postmortem-writing

Safe 🌐 Network access⚙️ External commands

Write effective blameless postmortems

Writing effective postmortems helps teams learn from incidents and prevent recurrence. This skill provides templates, frameworks, and guidance for conducting blameless postmortems that drive organizational learning.

Supports: Claude Codex Code(CC)
📊 70 Adequate
1

Download the skill ZIP

2

Upload in Claude

Go to Settings → Capabilities → Skills → Upload skill

3

Toggle on and start using

Test it

Using "postmortem-writing". Write a postmortem for a database connection exhaustion incident that affected our payment service for 47 minutes.

Expected outcome:

  • ## Postmortem: Payment Service Database Connection Exhaustion
  • **Date**: 2024-01-15 | **Duration**: 47 minutes | **Severity**: SEV2
  • **Impact**: 12,000 customers unable to complete purchases, $45,000 revenue loss
  • ## Root Cause: v2.3.4 deployment bypassed connection pool, causing direct connections per request
  • ## 5 Whys: Database exhausted → New connections per request → Code bypassed pool → Developer unfamiliar with patterns → No documentation
  • ## Action Items: Add integration tests (P0), lower alert threshold (P0), document patterns (P1)

Using "postmortem-writing". Apply the 5 Whys to this incident: Our API latency spiked to 5 seconds due to a cache miss storm after we flushed the entire cache for a config update.

Expected outcome:

  • ## 5 Whys Analysis: Cache Miss Storm
  • **Problem**: API latency spiked to 5s after full cache flush
  • Why #1: Why did latency spike? → Cache was empty, all requests hit the database
  • Why #2: Why was cache empty? → Full cache flush was triggered for config update
  • Why #3: Why was full flush used? → Partial invalidation was not implemented
  • Why #4: Why no partial invalidation? → Feature was deprioritized in previous sprint
  • Root Cause: Missing partial cache invalidation capability
  • Systemic Improvement: Implement targeted cache invalidation (ENG-999)

Security Audit

Safe
v4 • 1/17/2026

This is a documentation-only skill containing markdown guides and templates for writing postmortems. No executable code, file access, network calls, or system capabilities are present. All 46 static findings are false positives - the scanner incorrectly flagged SHA-256 hashes, markdown code fences, timestamps, and documentation phrases as security issues.

2
Files scanned
556
Lines analyzed
2
findings
4
Total audits

Risk Factors

🌐 Network access (5)
skill-report.json:6 SKILL.md:229 SKILL.md:372 SKILL.md:373 SKILL.md:374
⚙️ External commands (17)
SKILL.md:43-50 SKILL.md:50-56 SKILL.md:56-80 SKILL.md:80-98 SKILL.md:98 SKILL.md:98 SKILL.md:98-115 SKILL.md:115-121 SKILL.md:121-214 SKILL.md:214-218 SKILL.md:218-236 SKILL.md:236 SKILL.md:236-273 SKILL.md:273-277 SKILL.md:277-301 SKILL.md:301-307 SKILL.md:307-342
Audited by: claude View Audit History →

Quality Score

38
Architecture
100
Maintainability
87
Content
21
Community
100
Security
91
Spec Compliance

What You Can Build

Document production incidents

Create structured postmortems for SEV1 and SEV2 incidents to capture learnings and drive system improvements.

Lead incident reviews

Facilitate blameless postmortem meetings that focus on systemic improvements rather than individual blame.

Track action items

Generate prioritized action items with clear owners and due dates to ensure incident follow-through.

Try These Prompts

Quick Postmortem 
Write a quick postmortem for a [brief incident description] that lasted [duration]. Include what happened, timeline, root cause, immediate fix, and one lesson learned.
Standard Postmortem 
Create a comprehensive postmortem for [incident name]. Include executive summary, detailed timeline with UTC times, root cause analysis using 5 Whys, impact assessment, what worked, what could improve, and prioritized action items with owners.
Root Cause Analysis 
Apply the 5 Whys analysis to [incident description]. Start with the problem statement and drill down to identify at least 3 root causes. For each root cause, suggest a systemic improvement.
Action Item Draft 
Review this incident summary [paste summary] and generate 5 action items. Prioritize them P0 to P2. Include a brief description, suggested owner role, and realistic due date for each item.

Best Practices

  • Start writing the postmortem within 24-48 hours while details are fresh
  • Include specific times, metrics, and evidence rather than vague descriptions
  • Focus on systemic improvements rather than individual actions or mistakes

Avoid

  • Naming individuals as causes instead of examining system conditions
  • Skipping small incidents that could reveal patterns across the organization
  • Creating action items without owners, due dates, or tracking mechanisms

Frequently Asked Questions

What severity incidents need postmortems?
SEV1 and SEV2 incidents, outages over 15 minutes, data loss, security incidents, and near-misses all warrant postmortems.
How long should a postmortem take to write?
A quick postmortem takes 30 minutes. A comprehensive postmortem typically requires 2-4 hours including the review meeting.
Can this skill integrate with our incident management tools?
The skill operates through conversation. Users paste incident details or manually transfer information to their ticketing system.
Is the data shared with external services?
No external calls are made. All processing happens within the AI conversation. No incident data leaves your environment.
How is this different from ChatGPT or other AI tools?
This skill provides structured templates, the 5 Whys framework, and domain-specific guidance for postmortem best practices.
What makes a postmortem blameless?
Focus on system conditions and processes, not individual mistakes. Ask what allowed the error rather than who made it.

Developer Details

Author

wshobson

License

MIT

Repository

https://github.com/wshobson/agents/tree/main/plugins/incident-response/skills/postmortem-writing

Ref

main

File structure

📄 SKILL.md