[Night Shift] docs: add --prompt-file guidance for shell-safe prompt passing#394

Open
Pgarciapg wants to merge 1 commit into openai:main from Pgarciapg:exec-assistant/2026-06-22

@Pgarciapg

Summary

  • Updated plugins/codex/skills/codex-cli-runtime/SKILL.md to instruct agents to use --prompt-file instead of positional arguments for shell-safe prompt passing
  • Added example showing how to write prompt to temp file and use --prompt-file flag
  • Updated test assertions to verify new documentation pattern

Changes

  • SKILL.md: Added "Prompt passing" section with:
    • Instruction to always use --prompt-file for shell safety
    • Example using heredoc to write prompt to /tmp/codex-prompt.txt
    • Explanation of why this avoids shell escaping issues
    • Note that positional arguments still work but are fragile
  • tests/commands.test.mjs: Updated test to match new --prompt-file documentation

Test plan

  • All 86 tests pass

🤖 Generated with Claude Code

…passing

Instructs agents to use --prompt-file instead of positional arguments
when invoking Codex tasks. This avoids shell escaping issues with quotes,
backticks, dollar signs, and other metacharacters in prompts.

- Update SKILL.md with example showing temp file + --prompt-file usage
- Update test to verify new documentation pattern

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@Pgarciapg Pgarciapg requested a review from a team June 22, 2026 05:05

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 627f1bf99b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

- Always use `--prompt-file` instead of positional arguments for shell-safe prompt passing.
- Write the prompt to a temp file first, then reference it:
```bash
cat << 'EOF' > /tmp/codex-prompt.txt
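
Review bot: The redirect `> /tmp/codex-prompt.txt` on the `cat << 'EOF'` line writes to a fixed name in a world-writable directory, so the shell will follow a symlink or reuse a file that already exists at that path, and a newly created file gets whatever permissions the caller's umask allows. Since the bullet above says to always use this pattern, I'd have the example create the file with `mktemp`, redirect into that path, and remove it once `task` returns.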

P1 Badge Avoid embedding raw prompts in a fixed heredoc

When the forwarded prompt contains a line that is exactly EOF, this example closes the quoted heredoc early and the remaining prompt text is interpreted by the shell before codex-companion runs. That makes the new “shell-safe” path unsafe for prompts copied from issues, logs, or user input that may include heredoc terminators; use a construction that does not embed raw prompt text directly in shell syntax, or generate a collision-resistant delimiter.

Useful? React with 👍 / 👎.


Primary helper:
- `node "${CLAUDE_PLUGIN_ROOT}/scripts/codex-companion.mjs" task "<raw arguments>"`
- `node "${CLAUDE_PLUGIN_ROOT}/scripts/codex-companion.mjs" task --prompt-file /tmp/codex-prompt.txt [flags]`

P2 Badge Use a unique prompt file path

This hard-codes a shared /tmp/codex-prompt.txt path and the example never removes it, so concurrent rescue handoffs on the same machine can overwrite each other between writing and reading the file, and sensitive task text is left behind for later runs or other local users to read. The guidance should use a per-invocation temp file such as mktemp and clean it up after invoking task.

Useful? React with 👍 / 👎.
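
One way to follow both review suggestions above, as an added example that is not part of the PR or the project's code: the prompt reaches the file as stdin data instead of shell text, and the file comes from `mktemp` and is removed afterwards. `run_with_prompt_file`, `stub_task` and the sample prompt are hypothetical, only `--prompt-file` comes from the page, and the sketch assumes the target command accepts `--prompt-file <path>` as its final arguments.

```sh
#!/bin/sh
# Added example (not from the PR). run_with_prompt_file and stub_task are
# hypothetical helpers; only the --prompt-file flag comes from the page.

# Copy stdin into a private per-invocation temp file, run the given command
# with "--prompt-file <path>" appended, then remove the file.
# The body runs in a subshell so its variables do not leak into the caller.
run_with_prompt_file() (
  # mktemp picks an unpredictable name and creates the file itself with
  # owner-only permissions, so there is no shared path to collide on.
  prompt_file=$(mktemp "${TMPDIR:-/tmp}/codex-prompt.XXXXXX") || exit 1

  # The prompt arrives on stdin and is copied byte for byte. It is never
  # parsed as shell syntax, so a line reading EOF, quotes, backticks and
  # dollar signs are all plain data.
  cat > "$prompt_file" || { rm -f -- "$prompt_file"; exit 1; }

  status=0
  "$@" --prompt-file "$prompt_file" || status=$?

  rm -f -- "$prompt_file"   # do not leave task text behind in /tmp
  exit "$status"
)

# Stand-in for the real task command so the example runs offline:
# prints the file named after --prompt-file.
stub_task() {
  while [ "$#" -gt 1 ]; do
    if [ "$1" = "--prompt-file" ]; then
      cat -- "$2"
      return
    fi
    shift
  done
  return 2
}

# Constructed sample prompt containing a heredoc terminator line and shell
# metacharacters. In real use the text comes from a file, pipe or variable.
SAMPLE_PROMPT='Fix the "login" bug; see `make test` and $HOME
EOF
echo this line must stay data'

printf '%s\n' "$SAMPLE_PROMPT" | run_with_prompt_file stub_task task
```
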
