.agentsignore is NOT a security tool.

It's a good idea as a hint to agents about what files it should ignore (because they'd be of no value and only chew up tokens).

However, using it to prevent exposure of secrets would be a BIG mistake. There's simply no way to guarantee that an agent will ignore things in the ignore file. And even a harness-enforced restriction would still be in-process, which a rogue agent could trivially compromise. For security, use a sandbox. Nothing else will do.

I do AI sandboxes (FOSS, free forever, no rug pull): https://github.com/kstenerud/yoloai