fix: use shared setup_continue_config to prevent JSON injection in local/continue.sh (#921)

local/continue.sh used a double-quoted heredoc to write the API key
directly into ~/.continue/config.json without escaping. If the key
contained double quotes, it could produce invalid JSON or inject
additional config fields. Replace inline heredoc with the shared
setup_continue_config helper which uses json_escape.

Agent: security-auditor

Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

local/continue.sh

@@ -52,24 +52,10 @@ log_step "Appending environment variables to ~/.zshrc..."
 inject_env_vars_local upload_file run_server \
     "OPENROUTER_API_KEY=${OPENROUTER_API_KEY}"
 
-# 6. Configure Continue
-log_step "Configuring Continue..."
-CONTINUE_CONFIG_DIR="${HOME}/.continue"
-mkdir -p "${CONTINUE_CONFIG_DIR}"
-
-cat > "${CONTINUE_CONFIG_DIR}/config.json" <<EOF
-{
-  "models": [
-    {
-      "title": "OpenRouter",
-      "provider": "openrouter",
-      "model": "openrouter/auto",
-      "apiBase": "https://openrouter.ai/api/v1",
-      "apiKey": "${OPENROUTER_API_KEY}"
-    }
-  ]
-}
-EOF
+# 6. Configure Continue (uses json_escape to prevent injection)
+setup_continue_config "${OPENROUTER_API_KEY}" \
+    "upload_file" \
+    "run_server"
 
 echo ""
 log_info "Local setup completed successfully!"