telnyx-voice-java

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). I scanned for high-entropy, literal values that could grant access. Most values are obvious examples or placeholders: numeric IDs like "1293384261075731499" are resource identifiers (not secret keys); masked values like "7267xxxxxxxxxxxxxx" are redacted/placeholders; phone numbers and simple strings (e.g., "call_control_id", "call-router", "https://example.com") are documentation examples.

However, the string used in the bridge example: v3:MdI91X4lWFEs7IgbBEOT9M4AigoY08M0WWZFISt1Yw2axZ_IiE4pqg is a long, random-looking token (high entropy), presented as a literal value in code. It is not truncated or labeled as a placeholder and could be a real, usable identifier/token that provides access to control a call. Therefore I treat it as a hardcoded secret and flag it.

All other potential matches were ignored for the reasons above (low entropy, placeholders, redacted, or obvious examples).