telnyx-video-curl

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). I scanned the skill prompt for literal high-entropy credentials. The TELNYX_API_KEY shown in Setup is a placeholder ("YOUR_API_KEY_HERE") and is ignored per the rules. However, the example for Refresh Client Token contains a full JWT-style string (header.payload.signature) assigned to "refresh_token". This is a long, random-looking token (high entropy) and appears to be a real, usable credential rather than a redacted or obvious placeholder. Therefore it meets the definition of a secret and should be flagged.