action-items-todoist
Warn
Audited by Socket on Apr 8, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS: the skill’s purpose is coherent, but its footprint is broad and trust-heavy. It legitimately automates meeting follow-ups, yet it relies on multiple third-party CLIs, forwards sensitive workspace/env-backed credentials and meeting transcripts through them, chains into another skill, and can take autonomous business actions. This looks more like a high-risk automation skill than malware, with the main concerns being supply-chain trust, credential forwarding, and privacy exposure rather than clear deception.
Confidence: 85%
Severity: 78%