Ziptax Sales Tax

The skill bundle is designed to interact with the ZipTax API for sales tax lookups. All network requests are directed to the legitimate `api.zip-tax.com` domain. The `scripts/lookup.sh` script properly sanitizes user-provided address input using `python3 -c "import urllib.parse; print(urllib.parse.quote('$ADDRESS'))"` to prevent shell injection. The `ZIPTAX_API_KEY` is read from an environment variable and used as expected for API authentication, with no evidence of exfiltration to unauthorized destinations. No prompt injection attempts, obfuscation, or other malicious behaviors were found in `SKILL.md` or other files.