The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes local bash scripts and standard git commands to manage development workflows. Specifically, it uses git rev-parse --show-toplevel to resolve absolute paths and executes cx-worktree.sh and cx-workflow-fix.sh located within the ${CLAUDE_PLUGIN_ROOT}/scripts/ directory.
[PROMPT_INJECTION]: The skill possesses vulnerability surfaces for indirect prompt injection through the processing of untrusted user data.
Ingestion points: Untrusted content enters the agent's context via the {问题描述} (issue description) and <问题标题> (issue title) placeholders.
Boundary markers: The example command uses double quotes ("<问题标题>") to wrap user input, which provides basic shell separation but does not prevent the agent from obeying instructions embedded within that text.
Capability inventory: The skill has access to shell execution and file system write operations (开发文档/CX工作流/修复/), which are considered high-impact capabilities.
Sanitization: There is no evidence of input validation, sanitization, or instructions for the agent to ignore directives within the processed data.

cx-fix