GDPR Article 5(1)(c) data minimization applies to what users are encouraged to submit, not just what the application collects programmatically. Developer tools, customer support AI, and general-purpose chat interfaces are contexts where users routinely paste credentials, API keys, database connection strings, and personal account details — often because they are troubleshooting and it is the fastest way to show the problem. Without a visible advisory, users have no prompt to reconsider. A single line of placeholder text or helper text shifts user behavior at essentially zero implementation cost.
Rated info because no technical control is missing, but the absent advisory measurably increases how often users inadvertently submit sensitive data to the AI pipeline.
Update the AI chat input placeholder or add adjacent helper text. Placeholder text alone is insufficient — it disappears when the user starts typing — so pair it with persistent helper text below the input.
    <textarea
      placeholder="Ask a question... (please don't share passwords or API keys)"
      className="..."
    />
    <p className="text-xs text-muted-foreground mt-1">
      Do not share passwords, API keys, or sensitive personal information.
    </p>
For developer tool contexts where API keys are a specific risk, be explicit: "Do not paste API keys, database URLs, or credentials." Keep the text short — a sentence that users actually read is better than a paragraph they skip.
ID: ai-data-privacy.pii-protection.sensitive-input-warning
Severity: info
What to look for: Enumerate every relevant item. Examine the AI chat input component for placeholder text, helper text, or tooltip content. Look for text advising users not to enter sensitive information — passwords, API keys, credit card numbers, social security numbers, or other confidential data. Search for strings like "don't share", "avoid entering", "do not paste", "sensitive", "confidential", or "passwords" in chat input component files.
Pass criteria: At least 1 of the following conditions is met. The AI chat input includes placeholder text or adjacent helper text that explicitly advises users not to enter sensitive or confidential information.
Fail criteria: The AI chat input has generic placeholder text (e.g., "Ask a question...", "Type a message...") or no placeholder text, with no advisory against entering sensitive data.
Skip (N/A) when: Input is not free-text (selection-only interfaces, structured form inputs feeding into an AI pipeline where users cannot enter arbitrary text).
Detail on fail: "AI chat input in [file] has no advisory text discouraging users from entering sensitive or confidential information"
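One way to automate the search described above, as an added example that is not part of this check's own tooling. The function name auditChatInput, the SAMPLES components and the file names are hypothetical; the advisory phrases and the fail message are the ones listed in this check, and the regex matching is a heuristic over JSX source text.

```javascript
// Added example, not the audit's own tooling. Advisory phrases are the search
// strings listed in this check; matching is a heuristic, so review each hit.
const ADVISORY = /don['’]t share|avoid entering|do not paste|sensitive|confidential|passwords/i;
// placeholder="...", placeholder='...' or placeholder={"..."}
const PLACEHOLDER = /placeholder=\{?\s*(["'`])([\s\S]*?)\1\s*\}?/g;

function auditChatInput(source, file = "[file]") {
  // Skip (N/A): the component renders no free-text element.
  if (!/<(textarea|input)\b/i.test(source)) {
    return { status: "skip", placeholderOnly: false, detail: "no free-text input" };
  }
  // Advisory inside a placeholder disappears once the user starts typing.
  const inPlaceholder = [...source.matchAll(PLACEHOLDER)].some((m) => ADVISORY.test(m[2]));
  // Text rendered between tags stays visible while the user types.
  const rendered = source.replace(PLACEHOLDER, "");
  const inHelper = [...rendered.matchAll(/>([^<>{}]+)</g)].some((m) => ADVISORY.test(m[1]));

  if (!inPlaceholder && !inHelper) {
    return {
      status: "fail",
      placeholderOnly: false,
      detail: `AI chat input in ${file} has no advisory text discouraging users ` +
        "from entering sensitive or confidential information",
    };
  }
  return {
    status: "pass",
    placeholderOnly: inPlaceholder && !inHelper, // passes, but pair with helper text
    detail: inHelper ? "persistent advisory found" : "advisory only in placeholder",
  };
}

// Constructed sample components (not from any real code base).
const SAMPLES = {
  generic: `<textarea placeholder="Type a message..." />`,
  placeholderOnly: `<textarea placeholder="Ask a question... (please don't share passwords or API keys)" />`,
  paired: `<textarea placeholder="Ask a question..." />
<p className="text-xs text-muted-foreground mt-1">
  Do not share passwords, API keys, or sensitive personal information.
</p>`,
  selectOnly: `<select><option>Billing</option><option>Shipping</option></select>`,
};

for (const [name, src] of Object.entries(SAMPLES)) {
  console.log(name, auditChatInput(src, `${name}.tsx`));
}
```

The placeholderOnly flag marks inputs that meet the pass criteria but whose advisory vanishes on the first keystroke. Broad terms such as "sensitive" can match unrelated copy, so treat a pass as a pointer to the text to read, not as proof.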
Remediation: Users often paste credentials, API keys, or personal details into chat interfaces — especially in developer tools or customer support contexts. A simple prompt reduces this risk.
Update the input placeholder:
    <textarea
      placeholder="Ask a question... (please don't share passwords, API keys, or personal info)"
      // ...
    />
Or add helper text below the input:
    <p className="text-xs text-muted-foreground">
      Do not share passwords, API keys, or sensitive personal information.
    </p>