// MCP TOOL REFERENCE
Critical Risk →

end_task

End a task and clean up the AI model session

How to control end_task ↓

WHAT END_TASK ON SYSTEMPROMPT CODING AGENT DOES

AI agents call end_task to permanently remove resources in SystemPrompt Coding Agent — typically in cleanup and lifecycle workflows. It does its job in a single call, and there is no undo.

THE RISK

Critical Risk

Ending a task and cleaning up the session destroys the in-progress work state and session context, which cannot be recovered. This is irreversible by nature — once the AI model session is cleaned up, any unsaved in-memory state, partial results, or task context is gone. This qualifies as Destructive rather than Write because 'clean up' implies permanent removal of session data.

From the tool's definition 'End a task and clean up the AI model session' — terminating and cleaning up a session is an irreversible action that destroys the running state of an AI coding task.

Documented attack patterns abuse exactly the kind of access end_task gives an agent:

HOW TO CONTROL END_TASK

PolicyLayer is an MCP gateway — it sits between your AI agents and SystemPrompt Coding Agent, and nothing reaches the server without passing your rules. This is the rule we recommend for end_task:

policy.json 
{
  "version": "1",
  "default": "deny",
  "hide": [
    "end_task"
  ]
}

end_task disappears from the agent's tool list entirely, and any attempt to call it is denied. The rest of the server keeps working.

  1. Create a free account and register SystemPrompt Coding Agent — nothing to install.
  2. Add this policy — paste it, or build it visually.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
RESTRICT THIS TOOL →

Free to start. No card required.

EXPLORE

More SystemPrompt Coding Agent tools

Destructive clean_state Clean up system state by removing all tasks Execute check_status Check the status of Claude Code SDK and Gemini CLI availability by attempting to initiate Execute create_task Create a new task and start it immediately with Claude Code Execute update_task Send instructions to an active AI process (Claude Code or Gemini CLI) Read get_prompt Get a specific prompt by ID or list all available prompts if no ID is provided Read report Generate a report on task status. Shows all tasks if no ID provided, or details for a spec Read update_stats Get current statistics on tasks and active sessions

All 8 SystemPrompt Coding Agent tools →

Destructive tools on other servers

Frida Game Hacking MCP clear_scan MegaMemory remove_concept Frida Agent MCP kill_app 1MCP Server mcp_uninstall

Go deeper

FAQ

What does the end_task tool do? +

End a task and clean up the AI model session. It is categorised as a Destructive tool in the SystemPrompt Coding Agent MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.

How do I enforce a policy on end_task? +

Register the SystemPrompt Coding Agent MCP server in PolicyLayer and add a rule for end_task: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches SystemPrompt Coding Agent. Nothing to install.

What risk level is end_task? +

end_task is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.

Can I rate-limit end_task? +

Yes. Add a rate_limit block to the end_task rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block end_task completely? +

Set action: deny in the PolicyLayer policy for end_task. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides end_task? +

end_task is provided by the SystemPrompt Coding Agent MCP server (systempromptio/systemprompt-code-orchestrator). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every SystemPrompt Coding Agent tool call.

Deterministic rules across all 8 SystemPrompt Coding Agent tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

GOVERN SYSTEMPROMPT CODING AGENT →

Free to start. No card required.

8 SystemPrompt Coding Agent tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.