diff --git a/index.php b/index.php
index 788ccc9..256e1ca 100644
--- a/index.php
+++ b/index.php
@@ -75,12 +75,12 @@ if (empty($roles_ids)) {
 
     $i = 1;
     $capabilities = get_moodle_capabilities($roles);
-    foreach ($capabilities as $name => $capability) {
+    foreach ($capabilities as $capability) {
         if ($i % $repeat_each == 0) {
             echo $th;
         }
 
-        $cap_string = get_cap_string($name);
+        $cap_string = get_cap_string($capability);
         echo '<tr>', $cap_string;
         foreach ($roles as $role) {
             if (isset($capability[$role->shortname])) {
@@ -101,7 +101,7 @@ admin_externalpage_print_footer();
 function get_moodle_capabilities($roles) {
     global $CFG;
 
-    $sql = "SELECT name, component, contextlevel
+    $sql = "SELECT id, name, component, contextlevel, riskbitmask
               FROM {$CFG->dbname}.{$CFG->prefix}capabilities
              WHERE name NOT LIKE 'moodle/legacy%'
           ORDER BY contextlevel, name";
@@ -110,7 +110,10 @@ function get_moodle_capabilities($roles) {
     $records = get_records_sql($sql);
     $capabilities = array();
     foreach ($records as $cap) {
-        $capabilities[$cap->name] = array('component' => $cap->component, 'contextlevel' => $cap->contextlevel);
+        $capabilities[$cap->name] = array('component' => $cap->component,
+                                          'contextlevel' => $cap->contextlevel,
+                                          'riskbitmask' => $cap->riskbitmask,
+                                          'name' => $cap->name);
     }
 
     // now, the permissions by role
@@ -134,14 +137,53 @@ function get_moodle_capabilities($roles) {
     return $capabilities;
 }
 
-function get_cap_string($name) {
+function get_cap_string($capability) {
     global $CFG;
 
-    $doc_ref = 'http://docs.moodle.org/'.$CFG->lang.'/Capabilities/'.$name;
-    return "
-           <td class=\"action\">
-             <span class=\"cap_friendly_name\"><a href=\"{$doc_ref}\">".get_capability_string($name)."</a></span>
-             <span class=\"cap_name\">{$name}</span>
-           </td>";
+    $doc_ref = 'http://docs.moodle.org/'.$CFG->lang.'/Capabilities/'.$capability['name'];
+    return "<td class=\"action\">
+             <span class=\"cap_friendly_name\"><a href=\"{$doc_ref}\">".get_capability_string($capability['name'])."</a></span>
+             <span class=\"cap_name\">{$capability['name']}</span>".
+             get_risks_images($capability).
+           '</td>';
+}
+
+function get_risks_images($capability) {
+    global $CFG;
+
+    $strrisks = s(get_string('risks', 'role'));
+    $riskinfo = '<span class="risk managetrust">';
+    $rowclasses = '';
+    if (RISK_MANAGETRUST & (int)$capability['riskbitmask']) {
+        $riskinfo .= '<a onclick="this.target=\'docspopup\'" title="'.get_string('riskmanagetrust', 'admin').'" href="'.$CFG->docroot.'/'.$CFG->lang.'/'.$strrisks.'">';
+        $riskinfo .= '<img src="'.$CFG->pixpath.'/i/risk_managetrust.gif" alt="'.get_string('riskmanagetrustshort', 'admin').'" /></a>';
+        $rowclasses .= ' riskmanagetrust';
+    }
+    $riskinfo .= '</span><span class="risk config">';
+    if (RISK_CONFIG & (int)$capability['riskbitmask']) {
+        $riskinfo .= '<a onclick="this.target=\'docspopup\'" title="'.get_string('riskconfig', 'admin').'" href="'.$CFG->docroot.'/'.$CFG->lang.'/'.$strrisks.'">';
+        $riskinfo .= '<img src="'.$CFG->pixpath.'/i/risk_config.gif" alt="'.get_string('riskconfigshort', 'admin').'" /></a>';
+        $rowclasses .= ' riskconfig';
+    }
+    $riskinfo .= '</span><span class="risk xss">';
+    if (RISK_XSS & (int)$capability['riskbitmask']) {
+        $riskinfo .= '<a onclick="this.target=\'docspopup\'" title="'.get_string('riskxss', 'admin').'" href="'.$CFG->docroot.'/'.$CFG->lang.'/'.$strrisks.'">';
+        $riskinfo .= '<img src="'.$CFG->pixpath.'/i/risk_xss.gif" alt="'.get_string('riskxssshort', 'admin').'" /></a>';
+        $rowclasses .= ' riskxss';
+    }
+    $riskinfo .= '</span><span class="risk personal">';
+    if (RISK_PERSONAL & (int)$capability['riskbitmask']) {
+        $riskinfo .= '<a onclick="this.target=\'docspopup\'" title="'.get_string('riskpersonal', 'admin').'" href="'.$CFG->docroot.'/'.$CFG->lang.'/'.$strrisks.'">';
+        $riskinfo .= '<img src="'.$CFG->pixpath.'/i/risk_personal.gif" alt="'.get_string('riskpersonalshort', 'admin').'" /></a>';
+        $rowclasses .= ' riskpersonal';
+    }
+    $riskinfo .= '</span><span class="risk spam">';
+    if (RISK_SPAM & (int)$capability['riskbitmask']) {
+        $riskinfo .= '<a onclick="this.target=\'docspopup\'" title="'.get_string('riskspam', 'admin').'" href="'.$CFG->docroot.'/'.$CFG->lang.'/'.$strrisks.'">';
+        $riskinfo .= '<img src="'.$CFG->pixpath.'/i/risk_spam.gif" alt="'.get_string('riskspamshort', 'admin').'" /></a>';
+        $rowclasses .= ' riskspam';
+    }
+    $riskinfo .= '</span>';
+    return $riskinfo;
 }
 ?>