Signals CapitalGuard looks for
Production scripts in default agent scope
Customer exports or support logs inside the repo
Security notes, incident notes, or private runbooks stored beside code
Why it matters
Agents can accidentally expose sensitive files while answering normal engineering questions.
The most dangerous files are often operational, not application source code.
Protected path rules are easier to enforce after the risky file classes are named.
Precautions to take
Create a protected-path policy for sensitive directories.
Move customer data and incident notes out of the repo workspace.
Require human approval before agents read or edit operational files.