base-app-setup

The fragment is a non-executable setup manifest that delegates real, actionable steps to remote recipe endpoints. The content as provided is not directly malicious but presents a supply-chain risk because it encourages fetching external instructions without integrity checks. The highest-risk scenarios arise when users or automation blindly execute fetched content or follow recipes that instruct uploading secrets or connecting to third-party managed services. Treat the referenced URLs as untrusted until each recipe is retrieved and audited; prefer pinned content, integrity checks, and secure secret handling.