// MCP TOOL REFERENCE
High Risk →

update_task

Send instructions to an active AI process (Claude Code or Gemini CLI)

How to control update_task ↓

WHAT UPDATE_TASK ON SYSTEMPROMPT CODING AGENT DOES

AI agents invoke update_task to trigger actions in SystemPrompt Coding Agent. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.

THE RISK

High Risk

This tool sends arbitrary instructions to an active AI coding process that autonomously executes programming tasks on a local development environment. The instructions could cause the AI agent to run code, modify files, execute shell commands, or perform other operations. Since the effects depend entirely on what instructions are sent and the AI agent can take broad autonomous actions, this is Execute category.

From the tool's definition "Send instructions to an active AI process (Claude Code or Gemini CLI)" — directs an autonomous AI coding agent to perform actions

Documented attack patterns abuse exactly the kind of access update_task gives an agent:

HOW TO CONTROL UPDATE_TASK

PolicyLayer is an MCP gateway — it sits between your AI agents and SystemPrompt Coding Agent, and nothing reaches the server without passing your rules. This is the rule we recommend for update_task:

policy.json 
{
  "version": "1",
  "default": "deny",
  "tools": {
    "update_task": {
      "limits": [
        {
          "counter": "update_task_rate",
          "window": "minute",
          "max": 10,
          "scope": "grant"
        }
      ]
    }
  }
}

update_task stays usable, but rate-capped — a runaway agent can't fire it dozens of times a minute. Everything else on the server is denied unless you say otherwise.

  1. Create a free account and register SystemPrompt Coding Agent — nothing to install.
  2. Add this policy — paste it, or build it visually.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
RATE-LIMIT THIS TOOL →

Free to start. No card required.

EXPLORE

More SystemPrompt Coding Agent tools

Destructive clean_state Clean up system state by removing all tasks Destructive end_task End a task and clean up the AI model session Execute check_status Check the status of Claude Code SDK and Gemini CLI availability by attempting to initiate Execute create_task Create a new task and start it immediately with Claude Code Read get_prompt Get a specific prompt by ID or list all available prompts if no ID is provided Read report Generate a report on task status. Shows all tasks if no ID provided, or details for a spec Read update_stats Get current statistics on tasks and active sessions

All 8 SystemPrompt Coding Agent tools →

Execute tools on other servers

Frida Game Hacking MCP remove_breakpoint Procmon request_elevation WireMCP capture_packets Pentest Ai run_probe

Go deeper

FAQ

What does the update_task tool do? +

Send instructions to an active AI process (Claude Code or Gemini CLI). It is categorised as a Execute tool in the SystemPrompt Coding Agent MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.

How do I enforce a policy on update_task? +

Register the SystemPrompt Coding Agent MCP server in PolicyLayer and add a rule for update_task: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches SystemPrompt Coding Agent. Nothing to install.

What risk level is update_task? +

update_task is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.

Can I rate-limit update_task? +

Yes. Add a rate_limit block to the update_task rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block update_task completely? +

Set action: deny in the PolicyLayer policy for update_task. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides update_task? +

update_task is provided by the SystemPrompt Coding Agent MCP server (systempromptio/systemprompt-code-orchestrator). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every SystemPrompt Coding Agent tool call.

Deterministic rules across all 8 SystemPrompt Coding Agent tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

GOVERN SYSTEMPROMPT CODING AGENT →

Free to start. No card required.

8 SystemPrompt Coding Agent tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.