Natural-Language Sensitive File Disclosure Instruction - ATR-2026-00423 (e67471f4-8d73-5304-b5c4-7f6110481f72)
Detects natural-language imperative instructions that direct the agent to read, output, include, or attach the contents of well-known sensitive system files: /etc/passwd, /etc/shadow, ~/.ssh/id_rsa, ~/.aws/credentials, .env, ~/.config secrets, kubeconfig, etc. The discriminator from legitimate documentation is co-occurrence of an imperative read/output verb with a literal sensitive-file path. Mere mention of the filename in passing ("if you have a .env file") does NOT match — the rule requires a directive verb (read / cat / output / include / append / attach / disclose / reveal).