How do you document and communicate risks?

I find that very few engineers explicitly capture risks either in a Jira ticket or in a testing/release report - heck, most releases don’t have much time to write up lessons learned or quickly list and dispel any fears. Often the next project is already underway on the day you ship. Many risks can be mitigated, but all have a cost, and that’s why engineers who are just bricklayers are not well placed to balance those costs or comment on them, let alone act on all of them; some, but not all.

It really does require an engineer to also step outside of themselves to work out what the actual risk is. We don’t know many things about the likelihood of a failure without any metrics to back us up, or loads of experience of similar flaws. The engineer also has very little grasp of the economic damage a fault causes in reality; broadly, yes, we do, but not with any kind of repeatability on a scale of 1-5.

My answer is thus: carefully, in the testing plan itself.