I Audited 1,000+ Prompts I Sent to AI Coding Tools. Here's What I Found.

I've been using AI coding tools daily for months. Claude Code, Cursor, Codex CLI, sometimes Aider. By rough estimate, I've sent over a thousand prompts to various AI services. Recently I built a tool to answer a simple question: what exactly did I send? The answer was uncomfortable. Finding 1: Leaked Credentials Running reprompt privacy --deep on my prompt history surfaced: 3 API keys (OpenAI, GitHub, one internal service) 1 JWT token (from a debugging session) 12 email addresses (from log outputs I pasted) 47 internal file paths (including home directory paths) None of these were pasted intentionally. They were in error messages, stack traces, and log outputs that I copy-pasted when asking the AI for help debugging. The typical pattern: "Fix this error: AuthenticationError: Invalid API key 'sk-proj-...' for model gpt-4" That prompt just sent my API key to whatever service processes it. Finding 2: Agent Error Loops reprompt agent analyzes Claude Code and Codex CLI sessions for workflow