ftd-detector

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt requires an API key and shows using it as a command-line flag (--api-key $FMP_API_KEY), an insecure pattern that can lead the agent to include secret values verbatim in generated commands/outputs (even though env-var usage is mentioned, the explicit flag example creates exfiltration risk).