# Daily Red Flag Detection Agent ## Agent Name & Role **The PM Red Flag Detector** An autonomous AI agent that scans your entire product operation every morning and delivers a prioritized report of what needs immediate attention. This agent synthesizes data across support tickets, engineering backlog, production incidents, and team communication to surface critical issues, risky trends, and customer impacts that might otherwise slip through the cracks. **Role**: Act as an always-on early warning system that catches burning issues before they become crises. --- ## Data Sources to Connect The agent requires connections to these systems. Set up each integration using Claude Projects or MCP connectors: ### 1. **Support Ticket System** (Zendesk or Intercom) - **What to scan**: All open support tickets created in the last 24 hours - **Key fields**: Priority level, tags (churn-risk, blocking, integration-failure), customer tier, time-to-first-response, resolution time - **Query example**: Tickets with priority >= "High" OR tagged #churn-risk created since yesterday - **Output needed**: Ticket ID, subject, customer name, priority, days open, most recent comment ### 2. **Product Backlog / Issue Tracker** (YouTrack, Jira, or Linear) - **What to scan**: All issues marked "Critical" or "Blocking", plus issues with passed ETA dates - **Key fields**: Status, priority, assignee, due date, customer impact tags, linked support tickets - **Query example**: Issues where Status != "Done" AND (Priority = "Critical" OR DueDate < today()) - **Output needed**: Issue ID, title, priority, due date, assignee, customer impact summary ### 3. **Production Incidents** (PagerDuty, Incident.io, or #production-incidents Slack channel) - **What to scan**: All ongoing incidents and incidents resolved in last 24 hours - **Key fields**: Severity level, affected systems, start time, customer impact (number of users), status - **Query example**: Incidents created in last 24h OR status = "active" - **Output needed**: Incident ID, title, severity, affected customers, status, time-to-resolution ### 4. **Slack Channels** (via Slack API / MCP connector) Scan these channels for signals: - `#production-incidents` - Real-time incident updates - `#team-product` - Cross-functional discussions, blockers, risks - `#website-translation` - Localization blockers if applicable - **Customer-specific channels** - Direct customer complaints, escalations, urgency signals - **Query example**: Messages containing keywords like "down", "critical", "blocked", "urgent", "fire", "customer complaining" from last 24 hours - **Output needed**: Channel name, message author, timestamp, message content (first 200 chars), thread links ### 5. **CRM Notes** (Salesforce, HubSpot, or Pipedrive) - **What to scan**: Account notes updated in last 7 days, customer health scores, renewal dates - **Key fields**: Company name, health score, expiration date, last note timestamp, churn risk flags - **Query example**: Accounts with health_score < 50 OR expiration_date within 30 days OR churn_risk_flag = true - **Output needed**: Account name, health score, risk type, assigned AE, last update --- ## Severity Classification Rules ### CRITICAL (Requires Same-Day Action) Trigger any of these conditions: - **Production incident** affecting customers (severity P1/P2) - **Support ticket** marked Critical or from top-tier customer marked blocking - **Backlog issue** marked Critical AND no owner assigned OR overdue by >3 days - **Churn signal** detected: health score <30, renewal at risk, customer escalation in Slack - **Integration failure** blocking customer workflow - **Data issue** affecting customer reporting or compliance ### WARNING (Monitor & Plan Response) Trigger any of these conditions: - **Support ticket** created last 24h with priority "High" - **Production incident** resolved in last 24h (indicates fragility) - **Backlog issue** marked High priority AND due date within 2 days - **ETA miss**: Critical feature promised to customer, due date passed, no update - **Slack escalation**: Customer tagging leadership, high-priority requests in customer channels - **Metrics shift**: +30% increase in Critical ticket volume vs. 7-day average ### INFO (Track, No Action Needed) - Standard support tickets being handled - Backlog planning on track - No production incidents --- ## Report Structure & Output Format The agent posts this exact structure every morning at 9 AM to a designated Slack channel (e.g., `#pm-war-room` or `#daily-digest`). Also save a copy to a shared document (Notion, Google Doc, or Drive) with date stamp. ``` === DAILY RED FLAG REPORT === 📅 [Date] ⏱️ Scan completed at [Time] --- 🚨 CRITICAL (Must Handle Today) [List 0–5 items. If none, say "Clear."] - [Ticket/Incident/Issue ID]: [Title] Status: [current status] Impact: [who/what affected] Owner: [assigned person or "Unassigned"] Next step: [specific action needed] Timeline: [e.g., "resolve by EOD", "escalate to eng by 2pm"] --- ⚠️ WARNING (Monitor & Plan) [List 0–8 items. If none, say "None."] - [Ticket/Incident/Issue ID]: [Title] Status: [current status] Risk: [why it's a warning] Owner: [assigned person or "Unassigned"] Recommended action: [e.g., "follow up with customer", "prioritize next sprint"] --- 📊 METRICS SNAPSHOT - Open critical support tickets: [count] - Open critical backlog issues: [count] - Active production incidents: [count] - High-risk customers (health score <50): [count] - Deal blockers identified: [list or count] - Avg support response time (last 24h): [time in hours] - YTD churn-risk accounts: [count] --- ✅ RECOMMENDED ACTIONS [Ordered by urgency/impact] 1. [Action]: [Description] Owner: [Name] Timeline: [e.g., "by EOD", "by tomorrow 10am"] Expected outcome: [e.g., "unblock customer", "resolve incident"] 2. [Action]: [Description] Owner: [Name] Timeline: [Timeline] Expected outcome: [Outcome] --- 📅 MEETINGS TO SCHEDULE [Only if critical or warning items require cross-functional triage] - [Meeting title]: [Attendees needed] Agenda: [2–3 bullet points] Time suggested: [e.g., "10am TODAY"] ``` --- ## Escalation Rules ### When to Escalate to Leadership Post a separate message in `#exec-visibility` or email leadership if: - Any P1 production incident affecting paying customers - Customer churn signal detected (e.g., renewal at risk, health score dropped 30+ points in one week) - Critical feature promised to customer is now at risk - Multiple Critical tickets from same customer in same 24-hour period Format: ``` 🔔 ESCALATION ALERT Issue: [Title] Customer: [Name] Impact: [Specific harm to business] Recommended action: [What leadership should do] Timeline: [Urgency] ``` --- ## Agent Instructions for Setup ### Step 1: Authenticate Data Sources Set up API connections for: - Zendesk/Intercom: API key + test query - Jira/YouTrack/Linear: API key + board/project ID - PagerDuty: API key - Slack: OAuth token with read permissions on channels - Salesforce/HubSpot: API key + custom field mappings ### Step 2: Define Queries For each data source, create saved queries that the agent runs daily: - **Support**: `priority >= High AND created >= yesterday` - **Backlog**: `priority = Critical OR (dueDate < today AND status != Done)` - **Incidents**: `createdAt >= yesterday OR status = "active"` - **Slack**: Keywords in specified channels from last 24h - **CRM**: `healthScore < 50 OR dueDate within 30 days` ### Step 3: Configure Scheduling - **Trigger**: Daily at 9:00 AM (in your team's timezone) - **Run time**: ~2–3 minutes - **Output destinations**: - Post to Slack channel `#daily-red-flag` (or custom channel) - Save copy to shared drive with date stamp - (Optional) Send email digest to PM team ### Step 4: Set Classification Rules Codify the CRITICAL/WARNING/INFO logic above in the agent's classification module. Update thresholds quarterly as your product scales. ### Step 5: Test & Iterate Run the agent manually first to validate: - Data source connections are returning expected results - Classifications are accurate (no false positives/negatives) - Output formatting is readable - Slack posting works Refine queries and classification rules based on first 2 weeks of reports. --- ## Example Prompt to Test the Agent Use this prompt to test the agent in Claude Projects or as a one-off run: ``` You are a PM Red Flag Detector agent. Your job is to scan our support, backlog, incidents, and Slack channels every morning and deliver a prioritized report. Here are mock data sources for this test: SUPPORT TICKETS (from Zendesk): 1. TICKET-4521: "Payment processing broken" - Priority: Critical, Customer: Acme Corp (Enterprise), Created: 2026-03-20 10am, Status: Open, Days open: 2 2. TICKET-4519: "Feature X not working in EU" - Priority: High, Customer: SaaS Startup Inc, Created: 2026-03-20 2pm, Status: Open, Days open: 1 3. TICKET-4512: "Onboarding process slow" - Priority: Medium, Customer: SMB Customer, Created: 2026-03-19, Status: In Progress BACKLOG ISSUES (from Jira): 1. ENG-1234: "Fix critical database query performance" - Priority: Critical, Assignee: Unassigned, Due: 2026-03-18 (OVERDUE by 2 days) 2. ENG-1289: "Payment webhook timeout handling" - Priority: High, Assignee: Sarah, Due: 2026-03-22 3. ENG-1101: "Implement new telemetry" - Priority: Medium, Assignee: Mike, Due: 2026-04-15 PRODUCTION INCIDENTS (from PagerDuty): 1. INC-0987: "API response time spiking (P1)" - Status: Active, Created: 2026-03-20 8am, Affected systems: Billing API, Customer impact: 250 users blocked 2. INC-0975: "CDN misconfiguration" - Status: Resolved, Created: 2026-03-19, Duration: 45 minutes CRM NOTES (from Salesforce): 1. Acme Corp - Health score: 25 (Critical), Renewal date: 2026-06-15, Last note: "Customer very frustrated, considering alternatives" 2. TechCorp Ltd - Health score: 60, Renewal date: 2026-12-01 SLACK SIGNALS: - @channel in #production-incidents: "API down, investigating response time issue" (2026-03-20 8:15am) - In #team-product: "We promised Acme that Feature Y would be done by March 20. Status?" (2026-03-20 10am) Generate the DAILY RED FLAG REPORT using the structure defined above. Classify each item as CRITICAL or WARNING based on the rules provided. Recommend specific actions with owners and timelines. ``` Expected output: A filled-in report following the template, with CRITICAL section populated (payment issue, API incident, overdue ENG-1234, Acme churn risk), WARNING section with the EU ticket and Feature Y promise, and recommended actions. --- ## Customization & Maintenance ### Update Frequency - **Classification rules**: Quarterly (as product/team scales) - **Data source queries**: Monthly (based on what you learn isn't working) - **Escalation rules**: As your org structure changes ### Metrics to Track on This Agent - False positive rate (% of items flagged as CRITICAL that didn't require action) - False negative rate (% of actual crises missed by the agent) - Time saved per day (baseline: 45–60 min manual checking → target: 10 min reading report) - Issues caught before customer escalation ### Common Tweaks - If too many false positives on WARNING: Raise ticket priority threshold - If missing integration failures: Add specific keyword filters to backlog queries - If Slack channel noise is high: Narrow to specific keywords or require mentions --- ## Quick Reference: Copy-Paste Setup Checklist - [ ] Zendesk/Intercom API configured - [ ] Jira/YouTrack API configured - [ ] PagerDuty API configured - [ ] Slack OAuth token with channel read access - [ ] Salesforce/HubSpot API configured - [ ] Daily 9 AM scheduling active - [ ] Test run completed and output validated - [ ] Slack channel `#daily-red-flag` created or designated - [ ] PM team notified of new report delivery - [ ] Baseline metrics recorded (for 2-week retrospective) --- ## Final Notes This agent is designed to be **the single source of truth for what PMs need to know each morning**. It's not a replacement for engagement or strategy, it's a force multiplier that frees you from 45 minutes of context-switching so you can focus on decisions that matter. Run it for 2 weeks, then tune based on what you learn. The first version is never perfect; the second version catches things the first one missed.