telnyx-video-ruby

Fail

Audited by Snyk on Mar 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt includes a literal refresh_token value embedded verbatim in example code (an actual-looking token string), which is an insecure pattern because it demonstrates putting secrets directly into generated output even though the API key is shown via an environment variable.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The example contains a full, high-entropy JWT (three base64 segments + signature) used as the refresh_token in the refresh_client_token call. It is not a truncated/redacted placeholder, not an obvious simple example password, and appears to be a real, usable credential (would grant access if valid). Other values (ENV["TELNYX_API_KEY"], UUIDs, example phone numbers) are environment variable names or sample IDs and are ignored per the rules.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level: HIGH
Analyzed: Mar 16, 2026, 10:37 AM
Issues: 2