Cross-Agent Memory Sharing
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The `sync.mjs` script is highly suspicious due to critical shell injection vulnerabilities. It uses `execSync` with unsanitized input from `process.argv[3]` for Git commit messages, allowing arbitrary command execution if an attacker controls the message. Additionally, the `SHARED_MEMORY_REPO` environment variable, if controlled, could lead to shell injection during the `git clone` operation. While the skill's stated purpose of cross-agent memory sharing via Git is benign, these implementation flaws pose a significant remote code execution risk.
