Dataview

The skill is a logging utility for data operations that stores entries in ~/.local/share/dataview/. It contains a flag injection vulnerability in the _search function of scripts/script.sh because the $term variable is passed directly to grep, allowing an attacker to provide flags (e.g., -f /etc/passwd) to read unauthorized files. Additionally, the _export function lacks proper output sanitization when generating JSON and CSV files, which can lead to data injection or corruption if the logged values contain quotes or delimiters.