telnyx-video-java

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains a literal refresh_token/JWT embedded in an example and shows it being passed verbatim into the API call, which requires the model to output or handle a secret string directly.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The documentation contains a full, non-truncated JWT used directly as the refreshToken argument in a code sample. It is a high-entropy, literal credential (header.payload.signature format, not a placeholder like "YOUR_API_KEY" or "sk-xxxx"). Even if it may have expired, it is a real-looking token tied to Telnyx claims and should be treated as a secret and removed/rotated.