microsoft-to-do

SUSPICIOUS: The skill’s capabilities fit its Microsoft To Do purpose and the CLI install path is same-brand and registry-based, so this is not malware-like. However, all authentication and task data are routed through Membrane as an intermediary rather than using Microsoft’s API directly, which meaningfully expands trust and creates moderate security/privacy risk for an agent skill.