Skills
skills/team-telnyx/telnyx-skills/telnyx-video-go/Snyk

telnyx-video-go

Fail

Audited by Snyk on Mar 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes a literal-looking refresh token hard-coded in an example (a secret value printed verbatim), which encourages the LLM to reproduce sensitive credentials rather than using secure env-var or CLI-based auth.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The document contains a full, high-entropy JWT literal assigned to RefreshToken in a code example (complete header.payload.signature, not truncated or a placeholder). This is a direct, usable credential pattern (high entropy and not an obvious example placeholder), so it should be flagged as a secret.

Items ignored: TELNYX_API_KEY is only an environment variable name (no value) and therefore not a secret; UUIDs and example/simple strings in the doc are resource IDs or placeholders and not flagged.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
HIGH
Analyzed
Mar 16, 2026, 10:34 AM
Issues
2