diff --git a/.jules/sentinel.md b/.jules/sentinel.md
new file mode 100644
index 0000000..03dcccb
--- /dev/null
+++ b/.jules/sentinel.md
@@ -0,0 +1,4 @@
+## 2024-05-18 - Exposed Password in Test Comments
+**Vulnerability:** Hardcoded password "kanbanery" found in tests/inference_test.py comments.
+**Learning:** Hardcoded secrets in comments are a security risk and should be removed.
+**Prevention:** Use environment variables for test passwords.
diff --git a/tests/inference_test.py b/tests/inference_test.py
index 62b9474..c16e69d 100644
--- a/tests/inference_test.py
+++ b/tests/inference_test.py
@@ -44,7 +44,7 @@ def test_mutlinline(tmp_path):
 
 
 def test_encrypted_failure(tmp_path):
-    # Reminder to future Joe: password for encrypted PDF is "kanbanery"
+    # Reminder to future Joe: password for encrypted PDF should be provided via ENCRYPTED_PDF_PASSWORD environment variable
     output_path = tmp_path / "output.pdf"
 
     with pytest.raises(commonforms.exceptions.EncryptedPdfError):