KR-AG-013: Secrets in Agent Prompt - Kiro Agents
Summary
- Rule ID:
KR-AG-013 - Severity:
HIGH - Category:
Kiro Agents - Normative Level:
MUST - Auto-Fix:
No - Verified On:
2026-03-06
Applicability
- Tool:
kiro - Version Range:
unspecified - Spec Revision:
unspecified
Evidence Sources
Test Coverage Metadata
- Unit tests:
true - Fixture tests:
true - E2E tests:
false
Examples
The following examples demonstrate what triggers this rule and how to fix it.
Invalid
{"prompt": "API_KEY=sk-live-secret123"}
Valid
{"prompt": "Use ${API_KEY} from env"}