telnyx-voice-java

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). I scanned the document for high-entropy, literal values that could grant access.

Findings:

• The doc contains multiple "v3:..." call_control_id examples. Notably:
• v3:550e8400-e29b-41d4-a716-446655440000_gRU1OGRkYQ
• v3:MdI91X4lWFEs7IgbBEOT9M4AigoY08M0WWZFISt1Yw2axZ_IiE4pqg These are high-entropy-looking tokens with a "v3:" prefix and random suffixes and are described as "Unique identifier and token for controlling the call". Because they look like bearer-style tokens that could be used to control calls, they meet the definition of a secret (high-entropy literal value that provides access).

Ignored items and why:

• "7267xxxxxxxxxxxxxx" — redacted/obfuscated (contains x's) → ignored.
• Phone numbers like "+18005550101" and numeric IDs like "1293384261075731461" — operational/test/example values, not secrets → ignored.
• The UUID portion "550e8400-e29b-41d4-a716-446655440000" by itself is a common example UUID; however, combined with the suffix in the "v3:..." token it appears as a token-like value and is therefore treated as sensitive.

Conclusion: there are high-entropy token-like values in the examples that should be treated as secrets.