Claude told me to revoke an API key I accidentally pasted (was for a side project and I was getting it on its legs) just flat out did not want it. I have a feeling that if it needs something out of an env file it will grep for the specific line.

Something pasted into the chat log by the user gets treated far differently from something that the agents discover and process on their own from disk.

During early stage dev Claude will happily gobble up API keys and DB passwords from .env files. Perhaps not such a big deal for early stage dev, but getting Claude to cough up precisely memorized tokens in the future by asking it to produce a "random" key of a certain sort will probably be an entertaining pastime for people in the future.

most of that is context guard rails, and as context grows, they become guard jello until itll just do whatevers most immediate.