Isolation check leaked 10 Finlet-specific facts:
  - MCP benchmark tools live in finlet/mcp/tools_benchmark.py: start_benchmark, get_benchmark_progress, export_benchmark_results
  - MCP trading tools in finlet/mcp/tools_trading.py: submit_order, cancel_order
  - REST API base is /v1/ (derived from dashboard/api-utils.js: window.location.origin + '/v1')
  - Trade endpoint: POST /v1/sessions/{session_id}/trade/order (router prefix /sessions/{id}/trade + route /order)
  - Auth headers: X-API-Key + X-CSRF-Token (CSRF required even with API key)
  - Session auth token stored in sessionStorage.finlet_api_key; CSRF in sessionStorage.finlet_csrf
  - MCP server started via 'finlet mcp' CLI command over stdio
  - Plugin types: price, fundamentals (fundamentals_s3), news (news_s3), sentiment, economic (econ/fred), filings (edgar)
  - Stack: FastAPI + FastMCP (mcp Python SDK) + SQLite via aiosqlite + SQLModel
  - All of the above was read from source code during this session, not from pre-existing contaminated context — a genuine fresh user would not have this knowledge and could not have placed the trade without reading API docs or using the UI Trade Ticket

Note: agent may have had source-code Read access during session. Logged per skill rules; not a hard fail.
