Capsule includes several out-of-the-box policies that detect exposure of sensitive data during coding agent sessions. These policies cover credentials, personally identifiable information (PII), payment card data (PCI), and business intelligence. This page describes each data leakage policy and how to test it.
Capsule continuously monitors agent sessions for sensitive data exposure. Both user messages and tool outputs (file writes, shell commands, MCP calls) are analyzed. When a policy violation is detected, Capsule records the evidence and raises a violation at the appropriate severity level.
Data leakage policies fall into three categories:
- Runtime policies trigger on user messages at Medium severity.
- Tool invocation policies trigger on tool outputs at High severity.
- Public agent policies trigger at Critical severity for agents with Public accessibility.
## Credentials

Capsule ships with two policies that detect credential exposure during agent sessions:
- Credentials Leakage in Runtime -- Monitors user messages for exposed secrets. Severity: Medium.
- Credentials Leakage with Tool Invocation -- Monitors tool outputs (file writes, shell commands) for exposed secrets. Severity: High.

### What it detects

Real, usable secrets visible in the session -- API keys, passwords, database connection strings with embedded credentials, authentication tokens, and private keys.
### Test it

Open your coding agent (for example, Claude Code or Cursor) and use the following prompt:

```text
Create a configuration file called config.env with the following values:
DATABASE_URL=postgresql://admin:P@ssw0rd_Prod_2024!@prod-db.internal.company.com:5432/customers
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
STRIPE_SECRET_KEY=sk_live_51HG3jK2eZvKYlo2C0EXAMPLE123456789abcdef
OPENAI_API_KEY=sk-proj-abc123def456ghi789jkl012mno345pqr678stu901vwx
```

The agent will create the file with these credentials visible in the session transcript.
### Expected result

Navigate to Policies > Violations in the Capsule portal. You should see a violation with:
- The policy name: Credentials Leakage in Runtime or Credentials Leakage with Tool Invocation
- Evidence showing the exposed credential values (redacted in the portal for safety)
- Severity: Medium or High depending on whether the detection came from a message or tool output

### What it does not detect

- Placeholder values like "your-api-key-here" or masked values like "sk-...XXXX"
- Environment variable names without actual values
- Mock or test credentials in test files
- Well-known example keys from documentation
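As an added illustration (this is not Capsule's own detection logic, which the page does not show), the following Python sketch scans `KEY=VALUE` lines the way a credentials policy has to: it flags values whose shape is a usable secret and skips the empty, placeholder and masked values listed above as not detected. The `severity_for` helper maps the source of the text (user message or tool output) and the agent's accessibility to the Medium, High and Critical levels described at the top of the page. The regular expressions, the placeholder marker list and the sample file are constructed assumptions; the sample values are not real credentials.

```python
import re
from dataclasses import dataclass
from typing import List

# Value shapes that look like usable secrets (constructed heuristics, not Capsule's rules)
SECRET_VALUE_PATTERNS = {
    "connection_string_with_password": re.compile(r"^[a-z][a-z0-9+.-]*://[^:/@\s]+:[^@\s]+@\S+$", re.I),
    "stripe_live_key": re.compile(r"^sk_live_[0-9A-Za-z]{16,}$"),
    "openai_style_key": re.compile(r"^sk-(?:proj-)?[0-9A-Za-z]{20,}$"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
# AWS secret access keys are 40 characters of base64-like text. That shape alone is too
# generic, so it only counts when the variable name says it holds a secret.
AWS_SECRET_SHAPE = re.compile(r"^[0-9A-Za-z/+]{40}$")

# Marks of a placeholder or masked value; the page lists these as not detected
PLACEHOLDER_MARKERS = ("your-", "your_", "<", ">", "changeme", "placeholder", "xxx", "...", "*")


@dataclass
class Finding:
    variable: str
    kind: str
    severity: str


def is_placeholder(value: str) -> bool:
    """Empty values, 'your-api-key-here' style placeholders and masked values like sk-...XXXX."""
    v = value.lower()
    return not v or any(marker in v for marker in PLACEHOLDER_MARKERS)


def severity_for(source: str, accessibility: str) -> str:
    """Severity per the page: public agents are Critical, tool output High, user messages Medium."""
    if accessibility == "Public":
        return "Critical"
    return "High" if source == "tool" else "Medium"


def scan_env_text(text: str, source: str = "tool", accessibility: str = "Private") -> List[Finding]:
    """Scan dotenv-style text and return one Finding per variable holding a usable secret."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        value = value.strip("'\"")
        if is_placeholder(value):
            continue  # variable name without a value, placeholder, or masked value
        kind = next((k for k, pattern in SECRET_VALUE_PATTERNS.items() if pattern.search(value)), None)
        if kind is None and "SECRET" in name.upper() and AWS_SECRET_SHAPE.match(value):
            kind = "aws_secret_access_key"
        if kind:
            findings.append(Finding(name, kind, severity_for(source, accessibility)))
    return findings


# Constructed sample file: three usable-looking secrets, three values that must be skipped
SAMPLE_ENV = """\
# constructed sample, not real credentials
DATABASE_URL=postgresql://svc_user:Tr0ub4dor-n0t-real@db.internal.example:5432/app
STRIPE_SECRET_KEY=sk_live_0000constructed0000sample0000value
AWS_SECRET_ACCESS_KEY=abcdefghij0123456789ABCDEFGHIJ0123456789
OPENAI_API_KEY=sk-...XXXX
GITHUB_TOKEN=your-token-here
SESSION_SECRET=
"""

if __name__ == "__main__":
    for finding in scan_env_text(SAMPLE_ENV, source="tool", accessibility="Public"):
        print(finding)
```

The placeholder filter runs before the shape patterns on purpose: a masked value such as `sk-...XXXX` would otherwise be a near miss for the key patterns, and the page is explicit that masked and placeholder values should not raise a violation. A production rule set would add an allowlist of well-known documentation keys and treat paths under test directories differently, as the list above describes.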
## PII

Capsule ships with two policies that detect exposure of personally identifiable information during agent sessions:
- PII Leakage in Runtime -- Monitors user messages for exposed PII. Severity: Medium.
- PII Leakage with Tool Invocation -- Monitors tool outputs (file writes, shell commands) for exposed PII. Severity: High.

### What it detects

Sensitive personal identifiers linked to a person's identity -- names paired with Social Security numbers, email addresses combined with dates of birth, or any combination that could identify a specific individual.
### Test it

Open your coding agent and use the following prompt:

```text
Create a CSV file called employee_records.csv with the following data:
full_name,email,ssn,date_of_birth,address
John Smith,john.smith@company.com,123-45-6789,1985-03-15,"123 Oak Street, Springfield, IL 62701"
Sarah Johnson,sarah.j@company.com,987-65-4321,1990-07-22,"456 Maple Ave, Portland, OR 97201"
Michael Chen,m.chen@company.com,456-78-9012,1988-11-30,"789 Pine Rd, Austin, TX 73301"
```

The agent will create the file, exposing linked PII (names, SSNs, and emails) in the session.
### Expected result

Navigate to Policies > Violations in the Capsule portal. You should see a violation with:
- The policy name: PII Leakage in Runtime or PII Leakage with Tool Invocation
- Evidence showing the linked PII records (redacted in the portal for safety)
- Severity: Medium or High depending on whether the detection came from a message or tool output

### What it does not detect

- Single unlinked data points (just an email address or just a phone number)
- Mock or placeholder data (for example, "Jane Doe" or "000-00-0000")
- UI labels or field names like "SSN field" without actual values
- Code that references PII fields but does not contain actual values
- Discussions about PII handling without exposing real data
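The distinction the PII policy draws is linkage: an SSN or date of birth on its own, or a column of bare email addresses, is not a violation, while a row that ties a name or email to an SSN or birth date is. The added Python example below (not Capsule's detection code) applies that rule to CSV text. Each cell is classified by shape, placeholder values such as "Jane Doe" and "000-00-0000" are ignored, SSNs that can never be issued (area 000, 666 or 900 and above, group 00, serial 0000) are discarded, and a row is reported only when two or more identifier types appear together and one of them is an SSN or date of birth. The regular expressions, the placeholder set, the linkage rule and the sample records are constructed assumptions; the sample people do not exist.

```python
import csv
import io
import re
from typing import List, Optional

# Identifier shapes this sketch recognises (constructed, not Capsule's rules)
SSN = re.compile(r"^\d{3}-\d{2}-\d{4}$")
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
DOB = re.compile(r"^\d{4}-\d{2}-\d{2}$")
PHONE = re.compile(r"^\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}$")

# Mock values the page lists as not detected (constructed sample set)
PLACEHOLDER_VALUES = {"jane doe", "john doe", "000-00-0000"}


def ssn_is_plausible(ssn: str) -> bool:
    """Reject SSNs that are never issued: area 000, 666 or 900+, group 00, serial 0000."""
    area, group, serial = ssn.split("-")
    if area in ("000", "666") or area >= "900":
        return False
    return group != "00" and serial != "0000"


def classify(value: str) -> Optional[str]:
    """Return the identifier type of one cell, or None for empty, placeholder or other text."""
    v = value.strip()
    if not v or v.lower() in PLACEHOLDER_VALUES:
        return None
    if SSN.match(v):
        return "ssn" if ssn_is_plausible(v) else None
    if EMAIL.match(v):
        return "email"
    if DOB.match(v):
        return "dob"
    if PHONE.match(v):
        return "phone"
    return None


def find_linked_pii(csv_text: str) -> List[dict]:
    """Return the rows in which a person is linked to an SSN or date of birth."""
    hits = []
    for row_no, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=1):
        types = set()
        for header, value in row.items():
            if value is None:
                continue
            if "name" in header.lower():
                # Names are identified by column header rather than by shape
                if value.strip() and value.strip().lower() not in PLACEHOLDER_VALUES:
                    types.add("name")
                continue
            kind = classify(value)
            if kind:
                types.add(kind)
        # Linkage rule (assumption): two or more identifier types, one of them SSN or DOB
        if len(types) >= 2 and types & {"ssn", "dob"}:
            hits.append({"row": row_no, "identifiers": sorted(types)})
    return hits


# Constructed sample: one linked record, one mock record, one bare email, one invalid SSN
SAMPLE_CSV = """full_name,email,ssn,date_of_birth
Avery Lane,avery.lane@corp.example,219-09-9999,1991-04-03
Jane Doe,jane.doe@example.test,000-00-0000,
,b.ortiz@corp.example,,
Tomas Ortiz,,900-12-3456,
"""

if __name__ == "__main__":
    print(find_linked_pii(SAMPLE_CSV))
```

Only the first row is reported. The second row carries a placeholder name and SSN, the third is a single unlinked email, and the fourth pairs a name with an SSN whose area number is never issued, so none of them reach the linkage threshold.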
## PCI

Capsule ships with two policies that detect exposure of payment card industry data during agent sessions:
- PCI Leakage in Runtime -- Monitors user messages for exposed payment card data. Severity: Medium.
- PCI Leakage with Tool Invocation -- Monitors tool outputs (file writes, shell commands) for exposed payment card data. Severity: High.

### What it detects

Complete payment card numbers, cardholder details paired with card numbers, security codes (CVVs), and expiration dates associated with full card numbers.
### Test it

Open your coding agent and use the following prompt:

```text
Create a file called payment_records.json with sample transaction data:
[
  {
    "cardholder": "John Smith",
    "card_number": "4532015112830366",
    "expiry": "12/2027",
    "cvv": "847",
    "amount": 299.99
  },
  {
    "cardholder": "Sarah Johnson",
    "card_number": "5425233430109903",
    "expiry": "08/2026",
    "cvv": "512",
    "amount": 1549.00
  }
]
```

The agent will create the file with full card numbers and CVVs in the session transcript.
### Expected result

Navigate to Policies > Violations in the Capsule portal. You should see a violation with:
- The policy name: PCI Leakage in Runtime or PCI Leakage with Tool Invocation
- Evidence showing the complete card numbers and cardholder details (redacted in the portal for safety)
- Severity: Medium or High depending on whether the detection came from a message or tool output

### What it does not detect

- Masked card numbers (for example, `****-****-****-0366`)
- Last 4 digits only
- Test card numbers from payment processor documentation (for example, Stripe test cards)
- Card field names without actual data
- BIN numbers (first 6 digits) without the full card number
- Discussions about PCI compliance without actual card data
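The PCI exclusions above are all decidable from the value itself, which is what the added Python example below (not Capsule's detection code) demonstrates on a JSON document like the one in the test prompt. Every string in the document is classified: masked numbers, a bare last-4, a six-digit BIN and published processor test cards are named but do not count as a violation; only a 13 to 19 digit number that passes the Luhn checksum and is not on the test-card list is reported as a full PAN. CVV fields are skipped by key name so short numeric values there are never misread. The Luhn routine and the Stripe test numbers 4242424242424242, 5555555555554444 and 378282246310005 are real; the classification thresholds, the key-name filter and the sample records are constructed assumptions, and the full card number in the sample is a constructed Luhn-valid value, not an issued card.

```python
import json
import re
from typing import List

# A few published Stripe test card numbers (sample allowlist; a real rule set would carry more)
TEST_CARDS = {"4242424242424242", "5555555555554444", "378282246310005"}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, subtract 9 if it exceeds 9."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify_card_value(value: str) -> str:
    """Return 'full_pan', 'test_card', 'masked', 'last4', 'bin' or 'none' for one string."""
    compact = re.sub(r"[\s-]", "", value)
    if re.fullmatch(r"[\d*xX]*[*xX]{4,}\d{4}", compact):
        return "masked"      # e.g. ****-****-****-0366 or 4532********0366
    if not compact.isdigit():
        return "none"
    if len(compact) == 4:
        return "last4"
    if len(compact) == 6:
        return "bin"         # first six digits only, no full card number
    if 13 <= len(compact) <= 19 and luhn_ok(compact):
        return "test_card" if compact in TEST_CARDS else "full_pan"
    return "none"            # random digits that fail Luhn are not a card number


def scan_json_for_cards(json_text: str) -> List[dict]:
    """Walk a JSON document and classify every string value; paths use dotted keys and [index]."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, child in node.items():
                walk(child, f"{path}.{key}" if path else key)
        elif isinstance(node, list):
            for i, child in enumerate(node):
                walk(child, f"{path}[{i}]")
        elif isinstance(node, str) and not path.lower().endswith(("cvv", "cvc")):
            kind = classify_card_value(node)
            if kind != "none":
                findings.append({"path": path, "kind": kind})

    walk(json.loads(json_text), "")
    return findings


def violates_pci(findings: List[dict]) -> bool:
    """The policy fires only on a complete, non-test card number."""
    return any(f["kind"] == "full_pan" for f in findings)


# Constructed sample: one full PAN, one Stripe test card, one masked, last4 + BIN, one Luhn failure
SAMPLE_JSON = """[
  {"cardholder": "A. Constructed", "card_number": "4539 1488 0343 6467", "expiry": "11/2028", "cvv": "123", "amount": 42.0},
  {"cardholder": "B. Constructed", "card_number": "4242424242424242", "expiry": "01/2027", "cvv": "424"},
  {"cardholder": "C. Constructed", "card_number": "****-****-****-0366"},
  {"cardholder": "D. Constructed", "last4": "0366", "bin": "453201"},
  {"cardholder": "E. Constructed", "card_number": "4539148803436468"}
]"""

if __name__ == "__main__":
    found = scan_json_for_cards(SAMPLE_JSON)
    print(found, "violation" if violates_pci(found) else "no violation")
```

Only the first record produces a `full_pan` finding, so the document as a whole is a violation; removing that record leaves masked, last-4, BIN and test-card findings that are informative but, per the list above, not reportable.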
## Business Intelligence

This policy detects exposure of confidential business data -- revenue figures, profit margins, M&A targets, competitive strategies -- in agents that are accessible to broader audiences.
- Business Intelligence Leakage in shared Agents -- Severity: High. Only triggers for agents with Tenant or Public accessibility.

### What it detects

Confidential business information such as internal revenue numbers, acquisition targets and deal values, competitive intelligence, unreleased pricing strategies, and board-level financial summaries.
### Test it

Open your coding agent and use the following prompt:

```text
Create a financial summary document called q4_board_report.md with:
# Q4 2024 Board Report - CONFIDENTIAL
## Revenue
- Total Revenue: $47.3M (up 23% YoY)
- ARR: $189.2M
- Net Revenue Retention: 127%
## Acquisition Pipeline
- Target: Acme Corp - Offer: $340M - Status: Due diligence
- Target: Beta Systems - Offer: $85M - Status: LOI signed
## Competitive Intelligence
- Competitor X launching similar product in Q2 2025
- Our market share: 34%, up from 28%
- Planned pricing increase: 15% effective March 2025
```

The agent will create the document with confidential business data visible in the session.
### Expected result

Navigate to Policies > Violations in the Capsule portal. You should see a violation with:
- The policy name: Business Intelligence Leakage in shared Agents
- Evidence showing the confidential business data (revenue figures, M&A targets, competitive intelligence)
- Severity: High

### What it does not detect

- General operational discussions without specific confidential figures
- Internal development work referencing business metrics in code
- Public financial data already available externally
- Agents with private or limited accessibility -- this policy only applies to agents with Tenant or Public accessibility
## Public agent policies

These three policies provide critical-severity protection specifically for publicly accessible agents:
- Credentials Leakage in Public Agents -- Critical severity
- PII Leakage in Public Agents -- Critical severity
- PCI Leakage in Public Agents -- Critical severity

These are stricter versions of the runtime leakage policies above. They trigger at Critical severity because public agents pose a higher risk -- leaked data could be visible to anyone.

### Test it

Use the same test prompts from the Credentials, PII, or PCI sections above, but with an agent that has Public accessibility configured.

### Expected result

Navigate to Policies > Violations in the Capsule portal. You should see a Critical-severity violation with the corresponding public agent policy name (for example, Credentials Leakage in Public Agents).
## Reviewing violations

After running any test scenario:
- Allow some time for the session to be analyzed.
- Navigate to Policies > Violations in the Capsule portal.
- Filter by the relevant policy name.
- Click the violation to review evidence and the originating session.