telnyx-video-ruby

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit refresh_token/JWT literal and shows embedding it directly into an API call (refresh_client_token), which requires the model to handle and potentially output a secret value verbatim.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The file contains a full JWT-like token used as a literal refresh_token in the example call to refresh_client_token. It is a high-entropy, complete token (header.payload.signature) — not a placeholder, truncated value, or simple example password — and therefore appears to be a real, usable credential. Other values (ENV["TELNYX_API_KEY"], UUIDs, example strings like "my-meeting-room") are placeholders or non-secrets and are ignored.