task-management

Warn

Audited by Socket on Apr 19, 2026

1 alert found:

Security: MEDIUM
SKILL.md

Suspicious. The stated purpose is coherent for a Todoist skill, but the actual trust boundary is not: it relies on an unverified `todoist-cli` and passes a real Todoist API token into it. The functionality is proportionate to task management, yet install provenance and credential forwarding make this a high-risk skill rather than a benign direct Todoist integration.

Confidence: 86%
Severity: 84%

Audit Metadata
Analyzed At: Apr 19, 2026, 07:05 PM
Package URL: pkg:socket/skills-sh/joelhooks%2Fjoelclaw%2Ftask-management%2F@56fe334187456c9a09abd5d7256a2bc50e643bd7