diff --git a/plan/task/inputsecretexec.go b/plan/task/inputsecretexec.go
index 33fb8f63..7d3f6244 100644
--- a/plan/task/inputsecretexec.go
+++ b/plan/task/inputsecretexec.go
@@ -2,6 +2,7 @@ package task
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"os"
 	"os/exec"
@@ -49,6 +50,10 @@ func (c *inputSecretExecTask) Run(ctx context.Context, pctx *plancontext.Context
 	// sec audited by @aluzzardi and @mrjones
 	out, err := cmd.Output()
 	if err != nil {
+		var exitErr *exec.ExitError
+		if errors.As(err, &exitErr) {
+			return nil, errors.New(string(exitErr.Stderr))
+		}
 		return nil, err
 	}
 
diff --git a/tests/plan.bats b/tests/plan.bats
index f6aaaec0..e81a2afc 100644
--- a/tests/plan.bats
+++ b/tests/plan.bats
@@ -65,21 +65,18 @@ setup() {
 	assert_output --partial 'conflicting values "local directory" and "local dfsadf"'
 }
 
-@test "plan/inputs/secrets exec" {
+@test "plan/inputs/secrets" {
   cd "$TESTDIR"
   "$DAGGER" --europa up ./plan/inputs/secrets/exec.cue
-}
-
-@test "plan/inputs/secrets exec relative" {
-  cd "$TESTDIR"
-  "$DAGGER" --europa up ./plan/inputs/secrets/exec.cue
-}
-
-@test "plan/inputs/secrets invalid command" {
-  cd "$TESTDIR"
+  "$DAGGER" --europa up ./plan/inputs/secrets/exec_relative.cue
+  
   run "$DAGGER" --europa up ./plan/inputs/secrets/invalid_command.cue
 	assert_failure
 	assert_output --partial 'failed: exec: "rtyet": executable file not found'
+  
+  run "$DAGGER" --europa up ./plan/inputs/secrets/invalid_command_options.cue
+	assert_failure
+	assert_output --partial 'illegal option'
 }
 
 @test "plan/with" {
diff --git a/tests/plan/inputs/secrets/invalid_command_options.cue b/tests/plan/inputs/secrets/invalid_command_options.cue
new file mode 100644
index 00000000..ae8c21a1
--- /dev/null
+++ b/tests/plan/inputs/secrets/invalid_command_options.cue
@@ -0,0 +1,34 @@
+package main
+
+import (
+	"alpha.dagger.io/europa/dagger/engine"
+)
+
+engine.#Plan & {
+	inputs: secrets: echo: command: {
+		name: "cat"
+		args: ["--sfgjkhf"] // // should fail because invalid option
+	}
+
+	actions: {
+
+		image: engine.#Pull & {
+			source: "alpine:3.15.0@sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3"
+		}
+
+		verify: engine.#Exec & {
+			input: image.output
+			mounts: secret: {
+				dest:     "/run/secrets/test"
+				contents: inputs.secrets.echo.contents
+			}
+			args: [
+				"sh", "-c",
+				#"""
+					test "$(cat /run/secrets/test)" = "hello europa"
+					ls -l /run/secrets/test | grep -- "-r--------"
+					"""#,
+			]
+		}
+	}
+}