org-agenda-api

The skill presents a coherent interface for managing org-mode agenda data via a HTTP API with Basic Auth. The capabilities align with reading/writing agenda items and metadata. However, several security concerns exist: reliance on password-store credentials for every request increases exposure risk; destructive write endpoints require strong access controls and auditing; data is transmitted over HTTPS but credentials are not tokenized or scoped, and there is potential for credential leakage in client logs or intermediaries. Overall, the footprint is situationally benign for legitimate use but warrants tightened credential handling, input validation, access controls, and auditing to reduce risk. Security risk is moderate with notable credential and data integrity considerations.