Create and manage Product Requirements Documents (PRDs). Use when: (1) Creating structured task lists with user stories, (2) Specifying features with acceptance criteria, (3) Planning feature implementation for AI agents or human developers.
Security Analysis
high confidenceThe skill's PRD templates and workflow are coherent, but the runtime instructions recommend autonomous agent loops (including a 'dangerously-skip-permissions' flag), reference agent CLIs that are not declared, and enable unsupervised repo edits — these mismatches and the permission-bypass pattern are risky.
The skill name and description (create/manage PRDs) align with the provided templates, prd.json format, and workflows. However, the documentation repeatedly references running external agent CLIs (claude, opencode, dev-browser skill) and git worktree operations while the skill declares no required binaries or environment variables. The omission of those dependencies is an inconsistency: a skill that instructs use of specific agent CLIs should declare them (and any required API keys) in requirements.
SKILL.md and references explicitly instruct autonomous agents to read/modify prd.json and progress.txt, create/check out branches, implement code, run checks, commit changes, and mark stories complete. The 'Unattended Agentic Loop' example runs an infinite loop and uses 'claude --dangerously-skip-permissions', which bypasses permission prompts — this encourages unsupervised modification of repositories and bypasses safety controls. While implementing PRD items can legitimately involve repo modifications, the instructions grant broad, unsupervised authority and include a clear permission-bypass recommendation, which is a high-risk scope expansion.
The skill is instruction-only with no install spec and no code files. This is low-risk from an installation perspective because it doesn't write code or download artifacts to disk. The main risk comes from the runtime instructions (see instruction_scope), not from install behavior.
The skill declares no required environment variables or credentials, yet its docs instruct use of CLIs (claude, opencode, dev-browser) which typically require API keys or auth. Not declaring needed env vars is an omission that hides the fact that secret credentials will be needed at runtime if the recommended tooling is used. Additionally, the skill asks agents to modify repos and create branches but doesn't specify repository access constraints, which increases the blast radius if an agent runs with wide permissions.
The skill is not marked always:true, and model invocation is allowed (default). Combined with instructions for autonomous agentic loops and automated commits/branching, that means an agent could be invoked autonomously to modify codebases. The combination of autonomous invocation + explicit instruction to bypass permissions and run indefinite loops increases risk; the skill itself doesn't request persistent installation, but its runtime patterns effectively ask for long-lived operational privileges over a repo when executed.
Guidance
This skill's PRD templates and workflow are reasonable for generating and tracking stories, but the runtime documents recommend running autonomous agent loops that: (a) call CLIs like 'claude' and 'opencode' (which require API keys) even though no binaries or env vars are declared, and (b) include an example that uses '--dangerously-skip-permissions' and an infinite loop. Before installing or running this skill: 1) Do not run any example that uses 'dangerously-skip-permissions' or infinite loops. 2) Require a human-in-the-loop for any code commits and limit agent permissions (use a throwaway/test repo or read-only tokens initially). 3) If you plan to run agents, explicitly provision and audit the necessary CLIs and API keys (and update the skill metadata to declare them). 4) Back up repositories and ensure CI safeguards (protected branches) so autonomous agents cannot push directly to main. 5) Ask the publisher to clarify intended runtime (are agents meant only to prepare PRDs or to autonomously modify repos?) and to remove unsafe examples or document safe, permissioned execution modes.
Latest Release
v2.0.5
- Added an `author` field to the skill metadata with contact information. - Switched metadata `version` and flattening to proper YAML format under the `metadata` section. - No behavioral or functional changes to PRD format or usage instructions. - Documentation and usage examples remain unchanged.
More by @bjesuiter
Published by @bjesuiter on ClawHub
