GHSA-2rcg-mm5h-xchx: PraisonAI: Arbitrary File Read via `@file:` Mention Path Traversal

The MentionsParser in src/praisonai-agents/praisonaiagents/tools/mentions.py processes @file: mentions in agent prompts by reading arbitrary files from the filesystem. When a file path is not found relative to the workspace, the parser falls back to using the path as an absolute path without any validation or boundary check. This allows an attacker who can influence agent prompts (via chat messages, Telegram/Discord/Slack bot inputs, or YAML workflow configs) to read any file on the filesystem accessible to the process user.