Some AV / endpoint protection software could flag those files. Some corpo deep inspection software could flag those if downloaded / requested from the web.

The cc/geminicli were just an obfuscation method to basically run a find [...] > dump.txt

Oh, and static analysis tools might flag any code with find .env .wallet (whatever)... but they might not (yet) flag prompts :)