telnyx-video-go

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes a hard-coded refresh_token JWT string in an example (a literal secret-like value), which would force the model to reproduce a secret verbatim if it emitted that example—an insecure credential-handling pattern.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The string is a full JWT (three base64 segments + signature) embedded directly as the RefreshToken value in an example call. It is high-entropy and not a placeholder like "YOUR_API_KEY" or a simple documented password, so it meets the definition of a secret. Even if included in docs as an example, it is a literal credential and should be treated as sensitive (rotate/revoke and replace with a placeholder).