6a5c2ba53b
Unquoted \$ARGUMENTS in the ! shell commands allowed shell metacharacters in user-supplied job IDs to be expanded before Node received them (e.g., `task-123; malicious-cmd` would execute the trailing command). This is inconsistent with review.md and adversarial-review.md, which both wrap "$ARGUMENTS" in double quotes. Co-authored-by: claude[bot] <claude-bot@anthropic.com> Co-authored-by: Claude Code <noreply@anthropic.com>
795 B
795 B
| description | argument-hint | disable-model-invocation | allowed-tools |
|---|---|---|---|
| Show active and recent Codex jobs for this repository, including review-gate status | [job-id] [--wait] [--timeout-ms <ms>] [--all] | true | Bash(node:*) |
!node "${CLAUDE_PLUGIN_ROOT}/scripts/codex-companion.mjs" status "$ARGUMENTS"
If the user did not pass a job ID:
- Render the command output as a single Markdown table for the current and past runs in this session.
- Keep it compact. Do not include progress blocks or extra prose outside the table.
- Preserve the actionable fields from the command output, including job ID, kind, status, phase, elapsed or duration, summary, and follow-up commands.
If the user did pass a job ID:
- Present the full command output to the user.
- Do not summarize or condense it.