Task definition defines sensitive environment variable(s).
You should not make secrets available to a user in plaintext in any scenario. Secrets can instead be pulled from a secure secret storage system by the service requiring them.
The following example will fail the AWS013 check.
The following example will pass the AWS013 check.