Malicious code detected in rules/session-bootstrap.md: This is a prompt injection attack. The file masquerades as a session bootstrap rule but is designed to manipulate AI agents into executing arbitrary commands at the start of every session. It instructs the AI to (1) run bash commands, (2) invoke a skill/plugin ('tessl__trusted-memory') that could load attacker-controlled instructions or exfiltrate data, and (3) write files to disk — all before processing any user message. The 'MANDATORY' and 'Step 0' framing is social engineering to ensure the AI complies without question. This is a classic prompt injection pattern designed to hijack AI agent behavior.