telnyx-voice-python

Fail

Audited by Snyk on Mar 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the entire prompt for literal, high-entropy values that could be usable credentials.
  • Flagged item: the string passed to call_control_id_to_bridge_with in the Bridge calls example: "v3:MdI91X4lWFEs7IgbBEOT9M4AigoY08M0WWZFISt1Yw2axZ_IiE4pqg"
  • Rationale: it is a single, high-entropy, token-like literal (prefix "v3:" plus a long random-looking string). It is directly present in an example and could be a real, usable token/ID that grants access or control if it maps to an active resource. Per the policy, high-entropy literal values that can provide access should be flagged.
  • Ignored items (with reasons):
      • api_key reference: os.environ.get("TELNYX_API_KEY") — environment variable name only (ignore).
      • Masked/placeholder connection id: "7267xxxxxxxxxxxxxx" — redacted/placeholder (ignore).
      • Numeric IDs like "1293384261075731499" — resource identifiers, not high-entropy secrets.
      • Phone numbers like "+18005550101" — not secrets.
      • Generic placeholders/IDs such as "call_control_id", "call_control_id_to_bridge", etc. — documentation placeholders (ignore).

If the flagged "v3:..." value is only an illustrative example and not an active credential, it can be left as-is; if it was accidentally pasted from a live system, treat it as leaked and rotate/replace it.

Issues (1)

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level: HIGH
Analyzed: Mar 13, 2026, 12:31 PM
Issues: 1