We know that the flag is in current directory, let's check filenames here:
```shell
rbash-5.0$ echo *
flag-xEpAN7X3tGYjt4Y0p0FD.txt jail.sh
```

There is no `cat`, but we can send the file to `echo`:
```shell
rbash-5.0$ echo "$(

Original writeup (https://github.com/ninnikukawaii/write-ups/tree/master/San%20Diego%20CTF%202022/jail/rbash-yet-another-calculator).