TODO Tracker
Pass. Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill is classified as suspicious due to a potential Regular Expression Denial of Service (ReDoS) vulnerability in `scripts/todo.sh`. User-provided patterns for 'mark done' and 'remove item' commands are directly used in `grep` and `sed` regex operations without sufficient sanitization, which could allow a malicious or overly complex regex pattern to consume excessive CPU resources and lead to a denial of service. While the skill's core functionality is benign and involves local file operations, this specific implementation detail introduces a notable risk.
