Ragflow API Client

Pass. Audited by VirusTotal on May 17, 2026.

Findings (1)

The skill is designed to interact with a RAGflow API, including uploading documents. Its `uploadDocument` function in `lib/api.js` and the `upload` command in `scripts/ragflow.js` read and upload any local file named by the `filePath` argument (e.g., `--file /etc/passwd`). Reading a caller-supplied path is inherent to a document upload feature, but the absence of any sanitization or restriction on `filePath` creates a significant vulnerability: if an AI agent driving the skill is susceptible to prompt injection, it can be instructed to upload sensitive local files (e.g., `~/.ssh/id_rsa`, `/etc/passwd`) to the configured `RAGFLOW_URL`, exfiltrating them. This is a critical vulnerability that enables attacks, rather than code explicitly designed with malicious intent.