resolve-todo-parallel

SUSPICIOUS: the skill’s core purpose is coherent, but its footprint is risky because it mandates parallel general-purpose subagents over repository-authored TODO content and then commits and pushes changes automatically. The main concerns are autonomous external actions and prompt-injection exposure from untrusted TODO files, not supply-chain abuse or credential harvesting.