Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- The skill tells users to obtain and store a live API key but does not warn that this credential is sensitive or advise safe handling. That omission increases the chance the key is pasted into chat, committed to source control, logged in shell history, or stored insecurely, which could enable unauthorized access to the user's trading data or account functions exposed by the API.
