The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted external data from local files that could contain malicious instructions. * Ingestion points: Reads task instructions from 任务/任务-{n}.md and API definitions from 契约.md. * Boundary markers: No explicit delimiters or instructions to ignore embedded prompts are used when reading these files. * Capability inventory: The skill can execute shell scripts via bash, write to the file system, and perform git operations. * Sanitization: No sanitization or validation of the content of the task or contract files is mentioned before processing.
[COMMAND_EXECUTION]: Executes several internal shell scripts (e.g., cx-worktree.sh, cx-core-worktree.sh, cx-workflow-exec-dispatch.sh) located in the ${CLAUDE_PLUGIN_ROOT} directory to manage workflow state and project isolation.

cx-exec