scriptwriter

This fragment is not executable package code; it documents a workflow that fetches untrusted remote content and persists it into multiple AI coding assistants’ local skill and high-impact instruction files (including system prompts/global rules). No direct malware behavior (exfiltration, execution, credentials) is shown here, but the described unverified remote-to-persistent-instruction pipeline creates a meaningful supply-chain/prompt-injection risk with potentially broad impact across assistants and sessions.