Clipboard and Export Risks

PastePrompt is local-first, but copied and exported bundles are portable artifacts. Treat them like source-code snapshots.

What a bundle can contain

A generated bundle can include:

  • Source code.
  • File paths.
  • Comments and TODOs.
  • Git metadata.
  • Git diffs.
  • Prompt instructions.
  • Test fixtures.
  • Configuration examples.
  • Redacted or unredacted scanner matches.

Even if no secret is present, this content may still be sensitive for a client, employer, private audit, or unreleased product.

Clipboard risk

Copying a bundle places it on the macOS clipboard. From there:

  • You can paste it into the wrong app or chat.
  • Clipboard history tools may retain it.
  • Other local apps with clipboard access may be able to read it.
  • Screen-sharing, remote desktop, or automation tools may expose clipboard contents.
  • The clipboard can persist longer than you expect.

If your PastePrompt build includes a clear-clipboard action, use it after pasting sensitive bundles. If not, manually replace the clipboard with harmless text when you are done and review any clipboard manager you use.

Exported Markdown risk

Exported .md bundles are ordinary files. They can be:

  • Saved in cloud-synced folders.
  • Indexed by local search tools.
  • Picked up by backup software.
  • Attached to email or tickets.
  • Committed to Git by mistake.
  • Shared through collaboration tools.

Choose export locations deliberately. For sensitive audits, avoid synced folders unless that is part of an approved workflow.

After you paste into an LLM tool

PastePrompt does not control what happens after you paste, attach, or upload a bundle into another tool. The receiving service may have its own:

  • Data retention rules.
  • Workspace sharing settings.
  • Admin visibility.
  • Model training or opt-out controls.
  • Logging and abuse-monitoring policies.
  • Regional or enterprise controls.

Use LLM providers, accounts, and workspace settings that match the repository sensitivity and client requirements. For private audits, confirm the provider terms and organization policy before pasting source code.

Safer workflow

  1. Keep the selected files focused.
  2. Use .pastepromptignore for files that should never enter context.
  3. Preview the generated bundle.
  4. Run the secret scanner and resolve warnings.
  5. Export only when you need an artifact.
  6. Store exported bundles in a deliberate location.
  7. Remove temporary exports after the review if they are no longer needed.
  8. Clear or overwrite clipboard contents when possible.
  9. Verify the destination before pasting.
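
The shell functions below are an added example, not PastePrompt code, covering steps 6 and 8: they flag an export directory that sits in a synced folder or an unignored Git work tree, and clear the macOS clipboard. The function names and the list of synced-folder locations are assumptions; adjust the list for your machine.

```shell
#!/bin/sh
# Added example, not PastePrompt code. Function names are hypothetical.

# Print one line per risk for the directory an export would be written to.
export_dir_risks() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "missing: $1"; return 0; }

    # Assumed list of common macOS locations that sync to a cloud provider
    # (iCloud Drive, File Provider based clients, classic Dropbox folder).
    for synced in "$HOME/Library/Mobile Documents" \
                  "$HOME/Library/CloudStorage" \
                  "$HOME/Dropbox"; do
        case "$dir/" in
            "$synced"/*) echo "synced: $dir is under $synced" ;;
        esac
    done

    # Walk up the tree: a .git entry means the export can be committed by
    # mistake, unless the directory is already ignored by that repository.
    p=$dir
    while [ -n "$p" ]; do
        if [ -e "$p/.git" ]; then
            if ! git -C "$p" check-ignore -q "$dir" 2>/dev/null; then
                echo "git: $dir is inside work tree $p and not ignored"
            fi
            break
        fi
        p=${p%/*}
    done
    return 0
}

# Replace the macOS clipboard with empty content after pasting a bundle.
# Clipboard history tools keep their own copies and must be cleared separately.
clear_clipboard() {
    if command -v pbcopy >/dev/null 2>&1; then
        pbcopy </dev/null
    else
        echo "pbcopy not found; this step applies to macOS only" >&2
        return 1
    fi
}

# Usage as a script: sh check-export.sh ~/audits/exports
if [ "$#" -gt 0 ]; then
    export_dir_risks "$1"
fi
```

No output from `export_dir_risks` means none of the checked conditions matched; it does not detect iCloud "Desktop & Documents" syncing, backup software, or search indexing.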

Example

A sponsor fix review bundle may include the Git diff, changed source files, the original issue instructions, and a context hash. That bundle is useful evidence, but it may also reveal private code and security findings. Export it only to an approved project folder and paste it only into an approved LLM workspace.