How would it prevent an agent from writing a script that discovers the secret file? It's not magic.

It can't. As others pointed out, its the wrong layer to implement the security feature. The agent needs to operate in an isolated user / container.