cx-prd

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes several bash scripts (e.g., cx-worktree.sh, cx-dashboard-ensure.sh) provided within the skill's script directory to manage development environments and background services.
  • [COMMAND_EXECUTION]: Constructs shell commands by interpolating dynamic variables such as {feature-slug} and {功能标题} (feature title) taken from user input, which presents a potential command injection risk if those input strings are not properly sanitized before being placed in the command line.
  • [DATA_EXFILTRATION]: Accesses project metadata and service state stored in the user's home directory at ~/.cx/dashboard/registry.json.
  • [COMMAND_EXECUTION]: Automatically manages a background service for a project dashboard, including process health monitoring and automatic restarts of backend and frontend components.
  • [PROMPT_INJECTION]: Utilizes high-priority instructions such as "HARD-GATE" and "强制规则" (mandatory rules) to strictly control agent behavior and ensure a mandatory two-round confirmation process is followed.
  • [COMMAND_EXECUTION]: Potential for indirect prompt injection during requirement gathering.
      - Ingestion points: Reads existing code files, interfaces, and technical documentation from the local project.
      - Boundary markers: No delimiters or instructions are provided to isolate the agent from potentially malicious instructions embedded in the ingested project files.
      - Capability inventory: Ability to execute shell scripts and write files to the local project structure.
      - Sanitization: No explicit validation or filtering logic is defined for the content read from external project files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 13, 2026, 06:16 AM