Natural-Language Credential / Secret Disclosure Instruction - ATR-2026-00422 (4157f821-8740-53bd-b4c4-0b3b9ccce6fe)
Detects natural-language imperative instructions that direct the agent to disclose, reveal, output, or include API keys, credentials, secrets, tokens, passwords, or environment variables in its response. The discriminator from legitimate documentation is co-occurrence of an imperative disclosure verb ("disclose", "reveal", "include", "append", "share with us") with a sensitive identifier ("API key", "credentials", "secret", "token", "password", "environment variable") and a directive form (you must / always / disclose any / append all). Plain references to API keys in setup docs do NOT match — the rule requires a directive verb in imperative voice.