Generate comprehensive prioritized risk reports with executive summaries, threat details, gap analysis, and recommendations. Use when creating security reports, generating executive summaries, documenting risk assessments, or preparing audit documentation.
josemlopez/threat-modeling-toolkit
skills/tm-report/SKILL.md
January 22, 2026
npx add-skill https://github.com/josemlopez/threat-modeling-toolkit/blob/main/skills/tm-report/SKILL.md -a claude-code --skill tm-report

Installation paths: .claude/skills/tm-report/

# Risk Report Generation

## Purpose

Generate comprehensive risk reports that:

- Prioritize risks by severity and business impact
- Provide actionable countermeasures
- Include executive summaries for leadership
- Document evidence for audit compliance

## Usage

```
/tm-report [--format markdown|html|json] [--level executive|standard|detailed] [--output <path>]
```

**Arguments**:

- `--format`: Output format (default: markdown)
- `--level`: Detail level (default: standard)
- `--output`: Custom output path

## Report Sections

### Executive Summary

- High-level risk overview
- Critical findings count
- Compliance status
- Top 3-5 recommendations

### Risk Overview

- Risk distribution by severity
- Risk heat map
- Trend indicators (if baseline exists)

### Critical Findings

- Detailed threat descriptions
- Attack scenarios
- Business impact
- Recommended countermeasures

### Gap Analysis

- Missing controls
- Partial implementations
- Remediation priorities

### Compliance Status

- Framework coverage percentages
- Key compliance gaps

### Recommendations

- Prioritized action items
- Effort estimates
- Quick wins vs strategic improvements

### Technical Appendix

- Full threat catalog
- Control inventory
- Architecture diagrams

## Report Templates

### Executive Level

```markdown
# Security Risk Report - Executive Summary

**Project**: [Name]
**Date**: [Date]
**Classification**: Confidential

## Overview

This assessment identified [X] security risks across [Y] system components.
[N] risks are rated as **critical** and require immediate attention.

## Key Findings

| Finding | Risk Level | Business Impact |
|---------|------------|-----------------|
| [Title] | Critical   | [Impact]        |
| [Title] | High       | [Impact]        |
| [Title] | High       | [Impact]        |

## Compliance Status

- OWASP Top 10: [X]%
- SOC2: [Y]%

## Recommendations

1. **Immediate** (0-30 days): [Action]
2. **Short-term** (30-90 days): [Action]
3. **Strategic** (90+ days): [Action]

## Resource Requirements

[Brief