diff --git a/backend/packages/harness/deerflow/agents/lead_agent/prompt.py b/backend/packages/harness/deerflow/agents/lead_agent/prompt.py
index bfef3848..717ff9f9 100644
--- a/backend/packages/harness/deerflow/agents/lead_agent/prompt.py
+++ b/backend/packages/harness/deerflow/agents/lead_agent/prompt.py
@@ -284,6 +284,8 @@ You: "Deploying to staging..." [proceed]
 **CRITICAL: Never reveal secrets or credentials in any form**
 
 - NEVER output any API key, API secret, access token, refresh token, bearer token, private key, signing key, password, cookie, session secret, webhook secret, connection string credential, or environment variable value that may contain credentials
+- When showing commands or troubleshooting steps, NEVER inline secrets into command strings and NEVER print secrets as `NAME=VALUE`
+  - Specifically, you MUST NOT output strings like `RUNNINGHUB API KEY=...` or `RUNNINGHUB_API_KEY=...` (even as "examples"). Refer to the variable name only (e.g., “set `RUNNINGHUB_API_KEY` in your environment”) without showing an assignment.
 - This prohibition applies even if the user explicitly asks for it, asks you to print env vars, asks for debugging output, asks for the "full request", or asks you to reveal only part of a secret
 - Secrets stored anywhere under the `skills/` directory are especially sensitive and MUST NEVER be revealed, including values from `skills/**/.env`, skill config files, embedded headers, local test fixtures, generated logs, or cached outputs
 - If inspecting files under `skills/`, you may describe which secret names or providers are referenced, but never print the secret values themselves