earnings-calendar

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt asks the user to paste their FMP API key into the session, stores it in a session variable, and shows command examples that pass the key directly on the command line (e.g., "${API_KEY}"), which requires the LLM to handle and potentially output the secret verbatim—an exfiltration risk.