What must never reach the model or the repository
Agentic coding tools read files, diffs, and pasted snippets to suggest edits. Anything that enters that loop can be retained in logs, echoed in PR text, or pushed to a remote Git host. Treat the model context and the repo as semi-public unless you have enterprise guarantees and strict data-handling contracts.
Widgets in this lesson: the graph shows who sees what; text-blocks summarize non-negotiable rules; grid cards group sensitive data types; the table contrasts safe vs forbidden patterns; the pipeline is a mental checklist before you paste.
Trust boundaries
Click to reveal how data flows toward the model and remotes—treat every arrow as a potential leak surface.
Your workstation
🤖IDE / agent
☁️Model provider
📦Git remote
📋CI logs
Non-negotiables
Golden rules
If you would not paste it into a public gist, do not put it in a prompt, commit message, or agent-accessible file without controls.
Production credentials, customer PII, unreleased financials, and attorney–privileged material are all out of scope for default agent workflows.
Third-party or GPL-licensed code may impose redistribution rules—blind copy-paste into a repo can create compliance debt.
Categories of sensitive material
Expand a card—use these categories when reviewing what the agent can read in your workspace.
🔑
Secrets & keys
👤
PII & identity
📊
Business-critical
⚖️
License & IP
Prompt / commit / file: quick comparison
The agent can combine all three surfaces in one session—assume overlap when assessing risk.
| Surface | Risk pattern |
|---|---|
| Chat / prompt | Ephemeral but may be logged; avoid raw secrets even if UI feels private. |
| Git commits | Immutable history—rotating a leaked key is not enough if old commits still contain it. |
| Workspace files | Large context windows may pull in .env or dumps if not gitignored—verify globs. |
Before you paste or approve a diff
Run this mentally for every high-stakes snippet—especially when tired.
⏸️
Pause
What is this?
→
🧹
Redact
tokens & PII
→
🔍
Scope
least files
→
✅
Paste / ship
if still safe
⚠️Enterprise retention policies vary—when in doubt, ask security or use an approved anonymized fixture instead of real data.