How would it prevent an agent from writing a script that discovers the secret file? It's not magic.
reply
It can't. As others pointed out, it's the wrong layer to implement the security feature. The agent needs to operate in an isolated user / container.
reply