pet-groomer

This snippet documents a high-impact supply-chain/prompt-persistence mechanism: it fetches untrusted remote content from a raw GitHub URL and instructs installing/appending it into multiple assistants’ persistent configuration, including global rule files and a Codex system_prompt-like field. No direct malware actions are shown in the snippet itself, but the persistence pattern creates substantial risk if the remote SKILL.md contains malicious instructions. Treat as medium-to-high security risk until the referenced SKILL.md content and installer behavior (including any integrity checks) are reviewed.