Prd
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is mostly PRD-focused, but its reference docs promote running an unattended AI coding loop with permissions disabled, which could change your code without review.
Use this skill for PRD drafting and task tracking, but be cautious with the included autonomous-agent references. Avoid the unattended permission-skipping loop unless you fully understand the consequences; prefer manual, reviewed story-by-story execution with normal permissions, diff review, and explicit commit approval.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user who follows this workflow could let an AI agent modify, test, and repeatedly change a repository without review or normal tool-approval safeguards.
This explicitly recommends an unattended agent loop that bypasses normal permission checks while implementing code changes and updating project state.
while :; do
claude --print --dangerously-skip-permissions \
"Read prd.json, find first story where passes=false, implement it, run checks, update passes=true if successful"
doneDo not run the unattended '--dangerously-skip-permissions' loop by default. Use story-by-story execution, keep permission prompts enabled, review diffs before commits, and set a clear maximum number of iterations.
The agent could keep running and making further attempts or changes until manually stopped.
The documented loop is intentionally unattended and externally infinite; if the agent fails to mark work complete or encounters repeated errors, it may continue operating beyond the user's intended task boundary.
## Unattended Agentic Loop ### Claude Code ```bash while :; do
Replace the infinite loop with a bounded command, require explicit user confirmation between stories, and stop automatically on errors or unexpected file changes.
Future agent runs may trust incorrect, outdated, or injected guidance from progress.txt.
The workflow uses a persistent progress file as context for future agent iterations, so stale or manipulated notes could influence later implementation choices.
Read `progress.txt` (check Codebase Patterns first) ... Append to `progress.txt` after each iteration (never replace)
Review progress.txt before each run, keep it free of secrets, and treat its contents as editable project notes rather than authoritative instructions.