diff --git a/.jules/sentinel.md b/.jules/sentinel.md
new file mode 100644
index 0000000..120aa31
--- /dev/null
+++ b/.jules/sentinel.md
@@ -0,0 +1,4 @@
+## 2024-04-10 - Hardcoded password in tests
+**Vulnerability:** A hardcoded password ("kanbanery") was found in a comment in `tests/inference_test.py`.
+**Learning:** Hardcoded credentials even in test comments or disabled code are security risks and violate security conventions.
+**Prevention:** Never hardcode passwords in test files or comments. Use environment variables (e.g., TEST_PDF_PASSWORD) instead.
diff --git a/tests/inference_test.py b/tests/inference_test.py
index 62b9474..21a6ae3 100644
--- a/tests/inference_test.py
+++ b/tests/inference_test.py
@@ -44,7 +44,7 @@ def test_mutlinline(tmp_path):
 def test_encrypted_failure(tmp_path):
- # Reminder to future Joe: password for encrypted PDF is "kanbanery"
+ # Reminder to future Joe: password for encrypted PDF should be provided via environment variable, e.g., os.environ.get("TEST_PDF_PASSWORD")
 output_path = tmp_path / "output.pdf"
 with pytest.raises(commonforms.exceptions.EncryptedPdfError):
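Review bot: The second added line of `.jules/sentinel.md` (`**Vulnerability:** ...`) reproduces the literal password value that the entry says was removed, so the credential is still committed in plain text, just in a different file, which defeats the stated prevention rule. Drop the value and describe it instead: `**Vulnerability:** A hardcoded password for the encrypted test PDF was found in a comment in \`tests/inference_test.py\`.` Since the value was already committed earlier (see the removed line in the second hunk), it presumably remains in repository history and should be treated as exposed; the test fixture's password should be replaced rather than relied on as secret. It would also help to state in the **Prevention** line that the comparison tests should read the password from the named environment variable and skip when it is unset, so the remediation is actionable rather than only advisory.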