finhay-market

SUSPICIOUS: The stated purpose is coherent for a market-data skill, and the listed endpoints are read-only and proportionate. But the skill's core executable (./finhay.sh) is not provided, yet it is entrusted with API credentials and can update local skill definitions via sync; this unverifiable dependency and transitive update path materially raise risk.