Knowledge Base Skill
Pass
Audited by VirusTotal on May 18, 2026.
Findings (1)
The skill bundle implements a functional knowledge base with OCR support but contains significant security vulnerabilities. Specifically, `kb-manager.py` is susceptible to path traversal attacks in functions like `delete_business` and `get_business_dir` because the `business_name` parameter is used in `os.path.join` and `shutil.rmtree` without sanitization. Additionally, `kb-image.sh` handles shell arguments and manual JSON construction in a manner that could be exploited if inputs contain shell metacharacters. While these appear to be unintentional implementation flaws rather than intentional malware, they constitute high-risk behaviors that could lead to unauthorized file deletion or command manipulation.
