tour-guide
Warn
Audited by Socket on Apr 18, 2026
1 alert found:
Anomaly (LOW)
references/platform-support.md
This fragment describes a cross-platform, persistent installation mechanism that fetches unverified remote Markdown and injects it into privileged assistant configuration contexts (including system prompts/global rules). No executable malware is shown in this excerpt, but the pattern presents a meaningful supply-chain/prompt-injection integrity risk if the remote artifact is tampered with. Review and pin/verify the referenced SKILL.md content before installation.
Confidence: 62%
Severity: 64%
Audit Metadata