Skills
skills/team-telnyx/telnyx-ext-agent-skills/telnyx-voice-conferencing-python/Snyk

telnyx-voice-conferencing-python

Fail

Audited by Snyk on Mar 12, 2026

Risk Level: HIGH
Full Analysis

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned for high-entropy literal values that could be used to access services. I flagged the repeated "v3:MdI91X4lWFEs7IgbBEOT9M4AigoY08M0WWZFISt1Yw2axZ_IiE4pqg" value because it is a long, random-looking token (prefixed "v3:") and is used as a call_control_id in examples — the docs state call_control_id is "used to issue commands via Call Control API", so this literal could be a usable identifier/credential if active.

Ignored items and why:

  • UUIDs such as "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e" and "c46e06d7-b78f-4b13-96b6-c576af9640ff" — these are resource IDs (low sensitivity), not high-entropy secrets per the definition.
  • Environment variable usage (TELNYX_API_KEY) — no value provided, so nothing to flag.
  • Generic placeholders like "id", "call_control_id", "queue_name" and simple strings (e.g., "support", "Business") — documentation placeholders or examples, not secrets.

Therefore I mark presence of a potential hardcoded secret due to the v3:... token.

Issues (1)

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
HIGH
Analyzed
Mar 12, 2026, 03:31 AM
Issues
1