todo-resolve

SUSPICIOUS: the skill is mostly aligned with repository todo resolution, but it expands scope through parallel sub-agents, transitive loading of another skill, and autonomous git commit/push. No clear credential theft, exfiltration endpoint, or malicious installer is present; the main risk is broad repository modification and external publication actions without explicit per-action approval.