Pmos Search Menu Skill
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The skill bundle automates navigation on the Gansu Electric Power Trading Platform (PMOS) website. It is classified as suspicious due to a command injection vulnerability in `scripts/navigate-pmos.js` and `scripts/navigate-pmos.sh`, where user-provided element references are directly interpolated into shell commands (via `execSync` in Node.js and direct execution in Bash) without sanitization. While the behavior aligns with the stated purpose of the tool, this flaw allows for arbitrary command execution if a user provides a crafted input string.
