1

    Incident Postmortem Writer — Blameless, Actionable Postmortems from Your Messy Incident Notes

    by PubsProToolkit

    Turn timeline fragments, Slack logs, and pager history into a complete blameless postmortem — impact summary, clean timeline, contributing factors instead of a scapegoat, action items with owners and due dates, and lessons that survive the week.

    Updated Jul 2026
    Security scanned
    Cursor

    $14

    · or 70 credits

    30-day refund guarantee

    Secure checkout via Stripe

    Included in download

    • Convert Slack history into a structured incident timeline.
    • Extract systemic contributing factors from raw outage notes.
    • file_read, file_write automation included
    • Ready for Cursor
    • Instant install

    Media gallery

    See it in action

    You say

    Write a blameless postmortem from these notes. Checkout was down. From #incident-checkout: 14:02 deploy of config change goes out. 14:05 first 500s, PagerDuty pages on-call. 14:11 someone asks "is this the config PR?" 14:20 rolled back, errors clear by 14:23. Alert only fired after error rate hit 5%. Impact: ~21 min, checkout failing for most users. Owner for follow-ups TBD. Flag anything you're not sure about instead of guessing.

    Your agent does

    Postmortem: Checkout Service Degradation (HTTP 500)

    Severity: SEV-1 Duration: ~21 min (14:02–14:23)

    Impact Summary

    Checkout returned HTTP 500 for most users for roughly 21 minutes following a configuration deploy. Customers could not complete purchases until the change was rolled back and error rates returned to normal at 14:23.

    Timeline

    • 14:02 — Configuration change deployed to production.
    • 14:05 — First 500s observed; PagerDuty pages on-call. (At this point responders did not yet know the deploy was the trigger.)
    • 14:11 — Responders raise the recent config PR as a possible cause.
    • 14:20 — Change rolled back.
    • 14:23 — Error rates return to baseline; incident resolved.

    Contributing Factors

    • The config deploy pipeline had no automated validation to catch the faulty change before it reached production.
    • The 5xx alert threshold (5% error rate) delayed detection, so paging lagged the first user-facing errors.

    What Went Well

    • Once the config PR was suspected, rollback was fast and fully resolved the issue.

    Action Items

    • [ ] Add a config-validation gate to the deploy pipeline. (Owner: TODO — assign) (Due: TODO) — addresses Factor 1
    • [ ] Lower the 5xx alert threshold / add rate-of-change alerting. (Owner: TODO — assign) (Due: TODO) — addresses Factor 2

    Lessons for Others

    • A fast, well-understood rollback path limits blast radius more than any single prevention control.

    TODO: Follow-up owners and due dates were not provided in the source notes — assign before publishing.

    About This Skill

    Postmortems are the highest-leverage document an engineering team writes and usually the worst-written: composed at 5pm the day after, half timeline dump and half quiet blame, with action items like "improve monitoring" that no one owns. Incident Postmortem Writer applies the craft. Give it your raw material — timeline notes, incident-channel logs, alert history, who did what — and it produces the finished document: an impact summary a director can read alone, a timestamped timeline that notes what responders knew at each decision, contributing factors that are systemic and plural rather than a single-blame root cause, a what-went-well section, action items where every entry is concrete, owned, dated, and mapped to a factor, and lessons phrased so people outside the incident learn from them. It rewrites the blame your raw material contains while keeping every fact — people appear in the timeline doing things; causes live in the factors — and it flags timeline conflicts and missing facts as TODOs instead of inventing them. The download includes three reference files: the postmortem template, a blameless-language guide with the standard transformations and a two-reader test, and a complete annotated sample postmortem. Written by a professional writer; works with Claude Code, Cursor, Codex CLI, Gemini CLI, and any SKILL.md agent.

    Use Cases

    • Convert Slack history into a structured incident timeline.
    • Extract systemic contributing factors from raw outage notes.
    • Generate verifiable action items with clear ownership.
    • Remove personal blame while retaining all technical facts.

    Reviews

    No reviews yet - be the first to share your experience.

    Only users who have downloaded or purchased this skill can leave a review.

    Security Scanned

    Passed automated security review

    Permissions

    Read Files
    Write Files

    File Scopes

    references/**

    Reads the incident material you provide and its own three bundled reference files (references/**), and writes the finished postmortem Markdown. It does not run commands, browse the web, make network calls, read environment variables, or connect to any external service, monitoring tool, or incident platform.

    Follows the open SKILL.md standard and works with any compatible agent — Claude Code, Cursor, Codex CLI, Gemini CLI, VS Code Copilot, and others. No runtime, API key, or network access required; you supply the incident material and the agent produces the postmortem locally.

    Creator

    PubsProToolkit builds rigor-first skills for AI agents — they write your docs and content properly, then adversarially review them to catch what's wrong before it ships. The result: cleaner output and a hard quality gate in one toolkit. Built by a CMPP-certified, PhD medical writer who brings regulated-industry standards to developer docs, content, compliance, and research integrity.

    Frequently Asked Questions

    More Premium Skills

    $14