6a5c2ba53b
Unquoted \$ARGUMENTS in the ! shell commands allowed shell metacharacters in user-supplied job IDs to be expanded before Node received them (e.g., `task-123; malicious-cmd` would execute the trailing command). This is inconsistent with review.md and adversarial-review.md, which both wrap "$ARGUMENTS" in double quotes. Co-authored-by: claude[bot] <claude-bot@anthropic.com> Co-authored-by: Claude Code <noreply@anthropic.com>
652 B
652 B
| description | argument-hint | disable-model-invocation | allowed-tools |
|---|---|---|---|
| Show the stored final output for a finished Codex job in this repository | [job-id] | true | Bash(node:*) |
!node "${CLAUDE_PLUGIN_ROOT}/scripts/codex-companion.mjs" result "$ARGUMENTS"
Present the full command output to the user. Do not summarize or condense it. Preserve all details including:
- Job ID and status
- The complete result payload, including verdict, summary, findings, details, artifacts, and next steps
- File paths and line numbers exactly as reported
- Any error messages or parse errors
- Follow-up commands such as
/codex:status <id>and/codex:review