Port: quote $ARGUMENTS in cancel/result/status commands (security) #38

@JohnnyVicious

Description

Port of openai/codex-plugin-cc#168 (merged)

Bug

plugins/opencode/commands/cancel.md, result.md, and status.md invoke the companion via a bare, unquoted $ARGUMENTS:

node "${CLAUDE_PLUGIN_ROOT}/scripts/opencode-companion.mjs" status $ARGUMENTS

The shell expands $ARGUMENTS before Node receives it. A user-supplied job ID containing shell metacharacters (e.g., task-123; rm -rf ~) would be split by the shell and execute the trailing command. This is a shell injection in the command plumbing.

Fix

Wrap $ARGUMENTS in double quotes in all three affected command files:

- node "${CLAUDE_PLUGIN_ROOT}/scripts/opencode-companion.mjs" status $ARGUMENTS
+ node "${CLAUDE_PLUGIN_ROOT}/scripts/opencode-companion.mjs" status "$ARGUMENTS"
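Review bot: quoting stops word splitting but leaves the job ID unvalidated on the receiving side. Because the description states the shell processes $ARGUMENTS before Node receives it, double quotes neutralize whitespace and `;` but not every character the shell still interprets inside a double-quoted string, so opencode-companion.mjs should additionally reject any job ID that does not match the expected ID format (defence in depth behind the quoting). The hunk shows only the status command; confirm cancel.md and result.md receive the identical `"$ARGUMENTS"` form rather than a variant.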

Same change for cancel.md and result.md.

review.md, adversarial-review.md, and rescue.md either already quote or go through a full bash block, so those are unaffected — verify during the fix that they stay consistent.

Why this matches the upstream PR

Upstream codex-plugin-cc had the identical pattern and the same three commands, fixed in one commit by quoting. Our port is literally the same diff with codex-companion.mjs -> opencode-companion.mjs and file paths under plugins/opencode/commands/.

Upstream reference

openai/codex-plugin-cc#168 (merged 2026-04-08).
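Two defender-side checks for the bug class described in the Bug and Fix sections above, as an added example that is not code from the issue, the upstream PR, or the opencode plugin: a lint that finds a bare `$ARGUMENTS` in a command file (the "verify they stay consistent" step), and a strict job-ID allow-list that a wrapper can apply before the companion is called, as defence in depth behind the quoting. The sample command files are constructed, the companion is replaced by a stub that reports its argument count, and the allowed job-ID format (letters, digits, `-`, `_`) is an assumption.

```shell
#!/bin/sh
# Added example; not code from the issue, the upstream PR, or the opencode
# plugin. Two defender-side checks for this bug class: a lint that finds a
# bare $ARGUMENTS in a command file, and a strict job-ID allow-list a wrapper
# can apply before calling the companion, as defence in depth behind quoting.
# The sample command files and the allowed job-ID format are assumptions.

# unquoted_arguments_count FILE: prints how many lines mention $ARGUMENTS
# without wrapping it in double quotes (0 means the file is clean).
unquoted_arguments_count() {
  n=$(grep '\$ARGUMENTS' "$1" | grep -v '"\$ARGUMENTS"' | wc -l)
  echo $n   # unquoted on purpose: strips wc's leading spaces on some systems
}

# is_valid_job_id ID: accept only letters, digits, '-' and '_' (assumed format);
# anything else, including whitespace and shell metacharacters, is rejected.
is_valid_job_id() {
  case "$1" in
    '') return 1 ;;
    *[!A-Za-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# companion_stub: stand-in for opencode-companion.mjs that reports what it got.
companion_stub() { echo "companion got $# argument(s): $*"; }

# run_status ID: what a hardened wrapper around the companion call would do.
# Validates first, then passes the ID as exactly one quoted argument.
run_status() {
  is_valid_job_id "$1" || { echo "rejected job id" >&2; return 2; }
  companion_stub status "$1"
}

# make_samples: writes two constructed command files (before/after the fix)
# into a temp dir and prints the dir, so the lint can be run on them.
make_samples() {
  dir=$(mktemp -d)
  printf '%s\n' '---' 'description: Show job status' '---' \
    'node "${CLAUDE_PLUGIN_ROOT}/scripts/opencode-companion.mjs" status $ARGUMENTS' \
    > "$dir/status-before.md"
  printf '%s\n' '---' 'description: Show job status' '---' \
    'node "${CLAUDE_PLUGIN_ROOT}/scripts/opencode-companion.mjs" status "$ARGUMENTS"' \
    > "$dir/status-after.md"
  echo "$dir"
}

# Demo when run directly: lint both sample files, then exercise the wrapper
# with a clean ID and with a constructed ID containing a metacharacter.
samples=$(make_samples)
for f in "$samples"/*.md; do
  echo "$f: $(unquoted_arguments_count "$f") unquoted \$ARGUMENTS line(s)"
done
run_status 'task-123'
run_status 'task-123; echo x' || echo "exit status $? (rejected, nothing ran)"
rm -rf "$samples"
```

Running the lint over `plugins/opencode/commands/*.md` would flag cancel.md, result.md and status.md before the fix and nothing afterwards; the allow-list is deliberately stricter than the quoting, so a malformed ID is refused before any process is spawned rather than being passed through intact.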
