Ppe

The skill implements a local PPE tracker but contains a command injection vulnerability in `scripts/script.sh` within the `cmd_config` function. Specifically, user-provided keys and values are passed unsanitized to a `sed -i` command, which could allow for arbitrary file manipulation or, on systems with GNU sed, remote code execution (RCE) via the `e` flag. While the tool's behavior aligns with its stated purpose, the lack of input validation in a shell script environment is a significant security flaw.