telnyx-video-java

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit refresh token JWT literal in an example (.refreshToken("eyJhbGciOiJIUzUxMiI...")), which demonstrates and would encourage embedding secret values verbatim in generated code/requests, creating an exfiltration risk.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The code includes a full, high-entropy JWT literal (starts with "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9..." and includes the signature) used as the refreshToken value in the "Refresh Client Token" example. This is not a placeholder, truncated, or a simple setup password — it appears as a complete, usable credential in the example and therefore meets the definition of a secret to flag.