telnyx-account-management-curl
Fail
Audited by Snyk on Mar 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The skill mostly uses an env var for auth (safe) but includes a literal plaintext password in the POST example, which constitutes an actual secret that the agent would reproduce verbatim if asked to emit the example—creating an exfiltration risk.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
-
Secret detected (high risk: 1.00). I scanned the document for literal, high-entropy credentials. The only literal secret-like value present is the password in the Create managed account example:
"password": "3jVjLq!tMuWKyWx4NN*CvhnB"
This is a high-entropy, random-looking string used as an explicit password in a request body and therefore qualifies as a hardcoded secret per the definition.
Other potential matches are ignored:
- TELNYX_API_KEY="YOUR_API_KEY_HERE" is a documentation placeholder and explicitly listed in the "What to ignore" rules.
- No actual API keys, private keys, or other tokens are present elsewhere (returned field names like api_key are just schema names, not values).
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W008
HIGHSecret detected in skill content (API keys, tokens, passwords).
Audit Metadata