Security
Key controls:
@secret_envredacts secret values from live output and persisted logs- explain output avoids leaking secret values
- runtime health and orphan lock recovery via
broski doctor
Recommendation: keep secrets out of committed task files and inject from environment/runtime secret stores.