Document Ingestion

Red flags to consider before installing/using this skill: - The SKILL.md expects you to run a local script at scripts/pipelines/document-ingestion.py and to have client mapping files (clients/{slug}/...) but the published bundle contains no code — ask the publisher for the script and full source before trusting it. - The skill clearly needs a QBO auth token (and mentions a Node.js QBO client) but the registry lists no required environment variables or credential names; ask which exact credentials are needed and how to scope/restrict them (use a sandbox token with minimal scope for testing). - The instructions will read your local folders and write outputs and caches (~/Desktop, .cache/document-ingestion). If you plan to run anything from an unreviewed source, do so in an isolated environment (VM/container) and inspect the code first. - The skill recommends installing third-party tools (tesseract, pdfminer.six, ofxparse). Install these only from official sources and be cautious about permissions. - If you want to proceed: obtain the actual script source, verify where the QBO token is read (which env var or config file), review vendor maps and any pre-mapped vendor list for privacy issues, and test with non-sensitive sample documents in QBO sandbox mode. If the publisher cannot provide the missing script and explicit credential/config instructions, treat this skill as incomplete and avoid running it on real financial data.