unify-worktree-memory
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill requires the user to grant execution permissions (chmod +x) and manually run local scripts. The referenced scripts (@scripts/consolidate-memory and @scripts/ensure-memory-symlink) are not included in the provided input, making the actual logic unverifiable and potentially unsafe.
- COMMAND_EXECUTION (MEDIUM): The guide instructs users to modify ~/.claude/settings.json to register a SessionStart hook. This establishes a persistence mechanism that automatically executes a script every time a new Claude Code session begins.
- PROMPT_INJECTION (LOW): The skill merges content from MEMORY.md files across different worktrees/branches, which creates an indirect prompt injection surface. 1. Ingestion points: MEMORY.md files located in various git worktrees. 2. Boundary markers: None (content is merged with a header). 3. Capability inventory: Execution of local shell scripts and modification of the agent's memory/settings. 4. Sanitization: None (content is appended directly).
Audit Metadata