goose-migrate

SUSPICIOUS. The skill's stated purpose and read/write scope are mostly coherent, and its GitHub access uses the official `gh` CLI. However, its key write path depends on an unverifiable `gw todo` binary with no confirmed official source or release trail, so the user is asked to trust a black-box intermediary for Todoist operations. That makes the overall footprint higher risk than the benign purpose suggests.