market-report

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit config with "X-CMC-MCP-API-KEY": "your-api-key" and tells the agent to ask the user to set up the MCP connection, which implies collecting and embedding API keys verbatim in requests/configs (exfiltration risk).