ai-todo

Warn

Audited by Socket on Mar 23, 2026

1 alert found:

Security (MEDIUM)
SKILL.md

SUSPICIOUS. The skill’s purpose is coherent, but its trust model is weak: it depends on an external CLI and custom remote service whose publisher relationship was not verified, reads a raw credential file, and allows server-driven command discovery. This is more consistent with a medium/high-risk third-party integration than a clearly benign, well-scoped skill.

Confidence: 83%
Severity: 76%

Audit Metadata
Analyzed At: Mar 23, 2026, 01:33 AM
Package URL: pkg:socket/skills-sh/strzhao%2Fai-todo-cli%2Fai-todo%2F@56c0157b95b476d9edea9570b64241cacc663783