Shipping Calc

The skill contains multiple critical command injection vulnerabilities in `scripts/script.sh`. Specifically, the `rate`, `compare`, `estimate`, and `duty` functions pass unsanitized shell arguments directly into `awk` command strings (e.g., `awk "BEGIN{...$2...}"`), which allows for arbitrary code execution if a user provides crafted input. While the script's logic aligns with its stated purpose and lacks explicit evidence of intentional malice or exfiltration, the high-risk nature of these vulnerabilities warrants a suspicious classification.