telnyx-video-javascript
Fail
Audited by Snyk on Mar 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes a literal refresh_token JWT value embedded in example code, which is an actual secret-like string that would encourage or require the model to output secrets verbatim (high exfiltration risk).
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). The documentation includes a long, high-entropy JWT-like string assigned to refresh_token in the refreshClientToken example. It is a literal token (header.payload.signature), not a placeholder (no "YOUR_*", no truncation "...", and not a simple setup password), so it appears to be a usable credential and should be treated as a secret.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).