fix(docs): address additional security review findings

- Quote $SESSION variable in multi-turn session example (exec-mode.md)
- Add security note about reviewing installation scripts (user-guide.md)

Author: echobt

docs/exec-mode.md

@@ -372,8 +372,8 @@ cortex exec -o json "list TODO comments" | jq '.tool_calls | length'
 # Start a session
 SESSION=$(cortex exec -o json "analyze codebase" | jq -r '.session_id')
 
-# Continue the session
-cortex exec -s $SESSION "now focus on the auth module"
+# Continue the session (quote variable to handle edge cases)
+cortex exec -s "$SESSION" "now focus on the auth module"
 ```
 
 ### Context Inclusion

docs/user-guide.md

@@ -16,6 +16,11 @@ Cortex provides:
 
 ### Linux and macOS
 
+> **Security Note:** Before running any installation script, you can review it first:
+> ```bash
+> curl -fsSL https://software.cortex.foundation/install.sh | less
+> ```
+
 ```bash
 curl -fsSL https://software.cortex.foundation/install.sh | sh
 ```