telnyx-video-python
Fail
Audited by Snyk on Mar 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt mostly shows secure patterns (using env vars) but includes a literal-looking refresh_token/JWT value embedded in an example and code that passes/prints tokens verbatim, which forces/encourages exposing secret values in output.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). The documentation includes a full, high-entropy JWT string (three dot-separated base64 segments with a signature) used literally as the refresh_token in an example code block. It is not a placeholder (e.g., "YOUR_API_KEY"), not truncated/redacted, and not a simple setup password — it contains identifiable claims (aud, jti, sub) consistent with a real token. Because it is a complete token literal that could be used to authenticate, I flag it as a secret. (Note: the token may be an example or expired, but that does not remove the sensitivity of embedding a full JWT in docs.)
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).