Infrastructure and Application Service Delivery typically comprises of complex workflows such as software installation/configuration, OS configuration, file system management etc. To manage costs as well as SLAs, enterprises constantly look towards automation of these workflows. While declarative approaches for automated workflow planning have been described in the literature, they do not address the risk exposure of the system. We present a novel two-phase risk-aware approach to planning which allows to 'look-ahead' beyond the desired end state and compute a vulnerability score that measures how vulnerable the system could be in future, if the plan were to be executed now. We demonstrate our approach on a web service migration use-case using SGPlan as the preference-based planner. We also implement an end-to-end framework based on Puppet and validate it on a test bed of virtual machines. The implementation validates the generality of our approach in finding a less-vulnerable plan in scenarios where there are multiple plans.