v1.1.2 — Injection hardening + optional persistence

What's new in v1.1.2

• Hardened markdown output in reader save endpoint to reduce Markdown injection risk
• Escapes user-controlled fields before writing reading-list.md
• Sanitizes links to http/https only
• Clarified in SKILL.md that LaunchAgent auto-start is optional convenience (manual run is supported)

Why

Addresses scanner feedback on persistence language and markdown injection concerns.