telnyx-video-go

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes a hard-coded refresh token (a JWT) embedded verbatim in an example request, which instructs reproducing a secret string in output and creates an exfiltration risk despite other examples using environment variables.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The string is a full JWT (three base64 segments + signature) embedded directly as the RefreshToken value in an example call. It is high-entropy and not a placeholder like "YOUR_API_KEY" or a simple documented password, so it meets the definition of a secret. Even if included in docs as an example, it is a literal credential and should be treated as sensitive (rotate/revoke and replace with a placeholder).