Signals CapitalGuard looks for
Environment files inside default workspaces
Deployment logs with credential-shaped values
Service-account, token, or webhook references in code
Why it matters
Secret context can help attackers map production systems even when raw values are redacted.
Agents may summarize sensitive paths while debugging or preparing status reports.
Screenshots, demos, and copied findings can accidentally spread sensitive context.
Precautions to take
Block sensitive paths from agent reads and summaries.
Redact values in reports, dashboards, and partner demos.
Move operational credentials to provider vaults and rotate exposed material.