Summary
Several Claude command markdown files invoke the companion with raw $ARGUMENTS in a shell snippet. If a user-provided argument contains shell metacharacters, the shell can split or interpret it before Node receives argv.
This is especially relevant for cancel, result, and status, where job-id prefixes are expected to be inert strings.
Local evidence
Affected snippets:
plugins/opencode/commands/cancel.md
node "${CLAUDE_PLUGIN_ROOT}/scripts/opencode-companion.mjs" cancel $ARGUMENTS
plugins/opencode/commands/result.md
node "${CLAUDE_PLUGIN_ROOT}/scripts/opencode-companion.mjs" result $ARGUMENTS
plugins/opencode/commands/status.md
node "${CLAUDE_PLUGIN_ROOT}/scripts/opencode-companion.mjs" status $ARGUMENTS
plugins/opencode/commands/setup.md
node "${CLAUDE_PLUGIN_ROOT}/scripts/opencode-companion.mjs" setup --json $ARGUMENTS
Expected behavior
User arguments should be passed to the companion exactly as user input, not interpreted by the shell.
Suggested fix
Quote or otherwise safely pass arguments in all command markdown snippets. At minimum, mirror the safer treatment used by the review/adversarial command docs and ensure free-form text with #, $, ;, &, |, backticks, etc. survives unchanged.
Add a lightweight NL artifact test that scans command markdown for unsafe $ARGUMENTS usage.
Upstream reference
Derived from openai/codex-plugin-cc#170.
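One way to write the scan suggested under "Suggested fix", as an added example that is not code from this repository or from the upstream project: it flags `$ARGUMENTS` in the fenced or inline code of a command markdown file unless it is double-quoted. Treating `"$ARGUMENTS"` as the accepted form is an assumption, since the review/adversarial treatment is not shown here; the sample documents and the `quoted-example.md` name are constructed.

```javascript
// Added example: flags $ARGUMENTS in shell text unless it is inside double
// quotes (assumed here to be the accepted form).
function unquotedUses(shellText) {
  const hits = [];
  let quote = null; // null, '"' or "'"
  for (let i = 0; i < shellText.length; i++) {
    const ch = shellText[i];
    if (ch === "\\" && quote !== "'") { i++; continue; } // skip escaped char
    if (ch === '"' || ch === "'") {
      if (quote === null) quote = ch;
      else if (quote === ch) quote = null;
      continue;
    }
    const next = shellText[i + 10] || ""; // character after "$ARGUMENTS"
    if (shellText.startsWith("$ARGUMENTS", i) && !/\w/.test(next)) {
      if (quote !== '"') hits.push(i);
      i += 9;
    }
  }
  return hits;
}

// Fenced code lines and inline code spans count as shell text; prose is ignored.
function findUnsafeArguments(file, markdown) {
  const FENCE = "`".repeat(3);
  const findings = [];
  let inFence = false;
  markdown.split("\n").forEach((line, idx) => {
    if (line.trimStart().startsWith(FENCE)) { inFence = !inFence; return; }
    const spans = inFence
      ? [line]
      : Array.from(line.matchAll(/`([^`]+)`/g), (m) => m[1]);
    for (const span of spans) {
      if (unquotedUses(span).length > 0) {
        findings.push({ file, line: idx + 1, text: span.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample inputs built from the snippet shapes on this page.
const F = "`".repeat(3);
const NODE = 'node "${CLAUDE_PLUGIN_ROOT}/scripts/opencode-companion.mjs"';
const RAW_MD = ["Cancel a job.", "", F + "bash", NODE + " cancel $ARGUMENTS", F].join("\n");
const QUOTED_MD = ["Raw request: $ARGUMENTS", F + "bash", NODE + ' cancel "$ARGUMENTS"', F].join("\n");

console.log(findUnsafeArguments("cancel.md", RAW_MD));
console.log(findUnsafeArguments("quoted-example.md", QUOTED_MD));
```

This lint checks the quoting convention only. If the argument text is substituted into the snippet before the shell parses it, double quotes still let `$` and backticks expand, so the "survives unchanged" requirement needs a separate round-trip test.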