
Add PIR root cause depth and blast radius gates#1566

Open
malb200710-dev wants to merge 1 commit into UnitOneAI:main from malb200710-dev:codex/post-incident-depth-metrics-1534

Conversation

@malb200710-dev

Bounty type

Skill Improvement bounty

Modified skill

skills/incident-response/post-incident-review/SKILL.md

Issue

Fixes #1534

What was missing

The PIR skill could accept shallow proximate-cause RCA and speed metrics without enough evidence of recurrence prevention, blast radius, detection engineering follow-through, or communication/coordination quality.

What changed

  • Bumped post-incident-review to v1.0.1.
  • Added required context for blast radius, detection engineering outcomes, and communication/escalation evidence.
  • Added Root Cause Depth and Scope Scoring with RCA depth 0-4.
  • Added required RCA fields: root_cause_scope, recurrence_likelihood, recurrence_prevention_evidence, and residual_pattern_risk.
  • Added blast-radius metrics for affected systems, accounts, data, business process impact, regulatory scope, and third-party/geographic scope.
  • Added a Detection Engineering Feedback Loop section with fired/missed/tuned/created rule evidence and ATT&CK coverage mapping.
  • Added a Communication and Coordination Assessment section for escalation matrix accuracy, notification SLA compliance, handoff quality, and third-party coordination.
  • Added matching report output fields and pitfalls.

Validation

  • Confirmed v1.0.1 version bump in frontmatter and output template.
  • Confirmed RCA depth/scope scoring is present.
  • Confirmed blast radius output section is present.
  • Confirmed detection engineering feedback loop is present.
  • Confirmed communication and coordination assessment is present.
  • Confirmed Markdown fence balance.
  • Confirmed no non-ASCII characters were introduced.

Bounty request

Requesting consideration for the SecuritySkills improver bounty if accepted/merged. Payment details can be provided privately after acceptance.



Development

Successfully merging this pull request may close these issues.

[REVIEW] post-incident-review: add root cause depth scoring, blast radius metrics, and detection engineering feedback loop
