Recite
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill's core functionality is benign, but the `process_receipts.py` script contains a path traversal vulnerability. It uses `sys.argv[1]` (target directory) and API-provided `vendor` and `date` fields directly in `os.path.join` and `os.rename` without robust sanitization, potentially allowing files to be renamed or moved to arbitrary locations if malicious input or API responses are provided. Furthermore, `SKILL.md` and `README.md` instruct the AI agent to read `long_term_memory.md` for custom instructions, creating a prompt injection surface against the agent, though the skill itself does not contain malicious instructions in this file.
