telnyx-video-ruby
Fail
Audited by Snyk on May 13, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes a literal refresh_token JWT embedded verbatim in an example code block, which is a secret-like value and would require the LLM to reproduce or handle that exact token—posing a high exfiltration risk.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). The file contains a full JWT-like token used as a literal refresh_token in the example call to refresh_client_token. It is a high-entropy, complete token (header.payload.signature) — not a placeholder, truncated value, or simple example password — and therefore appears to be a real, usable credential. Other values (ENV["TELNYX_API_KEY"], UUIDs, example strings like "my-meeting-room") are placeholders or non-secrets and are ignored.
Issues (2)
W007
HIGH Insecure credential handling detected in skill instructions.
W008
HIGH Secret detected in skill content (API keys, tokens, passwords).