telnyx-video-java

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes a hardcoded-looking refresh token (a long JWT) embedded directly in example code and shows passing it verbatim to the API, which requires the agent to handle/output secret values.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The documentation contains a full, non-truncated JWT used directly as the refreshToken argument in a code sample. It is a high-entropy, literal credential (header.payload.signature format, not a placeholder like "YOUR_API_KEY" or "sk-xxxx"). Even if it may have expired, it is a real-looking token tied to Telnyx claims and should be treated as a secret and removed/rotated.