Missing User Warnings
Medium
- Confidence: 93%
- Finding: The manifest requires a live API credential and configures an automated trading entrypoint, but it does not provide any user-facing warning about credential handling, account permissions, or the fact that the skill can place real trades. In a trading context, this omission is security-relevant because users may supply sensitive keys without understanding the automation scope, increasing the risk of unintended account activity or misuse of privileged credentials.
