Invoice Generator Pro
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The skill is classified as suspicious due to multiple critical vulnerabilities in `generate-invoice.sh`. User-supplied values for `--item` (specifically 'Qty' and 'Rate') and `--tax` are directly passed to the `bc` command without sanitization, creating a severe shell injection vulnerability that could lead to arbitrary code execution. Furthermore, the `--output` parameter allows writing the generated invoice to an arbitrary file path, posing an arbitrary file write risk. Finally, user inputs are directly inserted into the HTML and Markdown outputs without proper sanitization, leading to potential HTML/Markdown injection (XSS) if the output is rendered.
