telnyx-video-python
Fail
Audited by Snyk on Mar 27, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes a literal-looking refresh_token JWT embedded directly in an example (passed verbatim to the API call), which forces the agent to handle/output a sensitive secret value in clear text.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). The code contains a full, high-entropy JWT-looking value used directly as a refresh_token in the "Refresh Client Token" example. It is not a placeholder (e.g., YOUR_API_KEY) nor a simple setup password; it has the structure header.payload.signature and long random-looking segments, so it appears to be a real, usable credential. Therefore it should be flagged and removed/redacted (or replaced with an environment variable/placeholder) in documentation.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).