Scans the repo for privacy issues in the Userplane integration. Produces a severity-ranked report (High / Medium / Low) with file:line citations and concrete diffs.
Usage
No arguments required. The agent scans the entire repo.
Read-only. The privacy agent never edits files; every finding includes a diff you can apply yourself.
What it scans
| Scan | What the agent looks for |
|---|---|
| Blur coverage | PII-adjacent inputs (password, email, ssn, card, cvv) missing data-userplane-blur |
| Metadata PII | Raw PII in setMetadata / setUser calls (email, phone, address, government IDs) |
| CSP frame-src gaps | Third-party embeds (Stripe, Auth0, Clerk) missing from frame-src / connect-src |
| Inline handler leaks | Inline onClick / onSubmit handlers rendering PII to the DOM without blur |
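The following is an added illustration of how three of the scans in the table can be expressed as checks over source text. It is not the Userplane privacy agent's own code: the agent's implementation is not shown on this page, and the regular expressions, the vendor-to-origin mapping for Auth0 and Clerk, the sample files and the CSP string below are all constructed for the example (the `*.stripe.com` origin is the one the page's own sample report uses). It runs under Node with no dependencies and prints a report in the same severity-ranked shape as the sample above.

```javascript
// Constructed example scanner: blur coverage, metadata PII, CSP frame-src gaps.
// Not the Userplane agent's code; patterns and origins below are assumptions.

// Field names the blur-coverage scan treats as PII-adjacent (leading boundary only,
// so "cardNumber" matches but "discard" does not).
const PII_FIELD = /\b(password|email|ssn|card|cvv)/i;
// Keys the metadata scan treats as raw PII inside setMetadata / setUser objects.
const PII_KEY = /\b(email|phone|address|ssn|passport|dob)\b/i;
// Assumed embed-vendor -> CSP origin mapping; only *.stripe.com comes from the page.
const EMBED_ORIGINS = { stripe: "*.stripe.com", auth0: "*.auth0.com", clerk: "*.clerk.com" };

// Scan 1 (High): <input> tags whose name/type is PII-adjacent and that lack
// data-userplane-blur. Each finding carries a ready-to-apply replacement tag.
function findUnblurredInputs(source) {
  const findings = [];
  source.split("\n").forEach((text, idx) => {
    const tagRe = /<input\b[^>]*>/gi;
    let m;
    while ((m = tagRe.exec(text)) !== null) {
      const tag = m[0];
      const attr = tag.match(/\b(?:name|type)=["']([^"']+)["']/i);
      const field = attr ? attr[1] : "";
      if (PII_FIELD.test(field) && !/data-userplane-blur/.test(tag)) {
        findings.push({ line: idx + 1, field, fix: tag.replace(/\s*\/?>$/, " data-userplane-blur />") });
      }
    }
  });
  return findings;
}

// Scan 2 (Medium): setMetadata / setUser calls whose object literal has PII keys.
// Only handles single-line calls with a flat object literal (a deliberate limit).
function findRawPiiInMetadata(source) {
  const findings = [];
  source.split("\n").forEach((text, idx) => {
    const callRe = /\b(setMetadata|setUser)\s*\(\s*\{([^}]*)\}/g;
    let m;
    while ((m = callRe.exec(text)) !== null) {
      const keys = m[2].split(",").map((p) => p.split(":")[0].trim()).filter(Boolean);
      const leaking = keys.filter((k) => PII_KEY.test(k));
      if (leaking.length) findings.push({ line: idx + 1, call: m[1], keys: leaking });
    }
  });
  return findings;
}

// Scan 3 (Medium): for every embed vendor referenced anywhere in the sources,
// check that its origin is listed in both frame-src and connect-src.
function findCspGaps(allSource, csp) {
  const directives = Object.fromEntries(
    csp.split(";").map((d) => d.trim().split(/\s+/)).filter((p) => p[0]).map((p) => [p[0], p.slice(1)])
  );
  const used = Object.keys(EMBED_ORIGINS).filter((v) => new RegExp(`\\b${v}\\b`, "i").test(allSource));
  const findings = [];
  for (const vendor of used) {
    for (const directive of ["frame-src", "connect-src"]) {
      const origin = EMBED_ORIGINS[vendor];
      if (!(directives[directive] || []).includes(origin)) findings.push({ directive, vendor, missing: origin });
    }
  }
  return findings;
}

// Runs all three scans over a {path: source} map and buckets findings by severity.
function scan(files, csp) {
  const report = { high: [], medium: [] };
  for (const [path, src] of Object.entries(files)) {
    findUnblurredInputs(src).forEach((f) => report.high.push({ path, ...f }));
    findRawPiiInMetadata(src).forEach((f) => report.medium.push({ path, ...f }));
  }
  findCspGaps(Object.values(files).join("\n"), csp).forEach((f) => report.medium.push({ path: "csp", ...f }));
  return report;
}

function summarize(report) {
  const total = report.high.length + report.medium.length;
  return `Summary: ${total} issues (${report.high.length} high, ${report.medium.length} medium)`;
}

// Constructed sample repo: one unblurred SSN input, one setUser leaking email,
// and a Stripe reference with *.stripe.com present in connect-src but not frame-src.
const SAMPLE_FILES = {
  "src/components/ProfileForm.tsx":
    'export function ProfileForm() {\n  return (<form>\n    <input name="fullName" />\n    <input name="ssn" />\n    <input name="email" data-userplane-blur />\n  </form>);\n}',
  "src/hooks/useAuth.ts": "export function onLogin(user) {\n  // constructed call, SDK import omitted\n  setUser({ email: user.email, name: user.name });\n}",
  "src/pages/checkout.tsx": 'import { Elements } from "@stripe/react-stripe-js";',
};
const SAMPLE_CSP = "default-src 'self'; frame-src 'self' *.userplane.io; connect-src 'self' *.userplane.io *.stripe.com";

const report = scan(SAMPLE_FILES, SAMPLE_CSP);
console.log(summarize(report));
console.log(JSON.stringify(report, null, 2));
```

The regex-based checks are intentionally narrow (single-line tags and calls, flat object literals); a real scanner would parse the JSX/TS AST so that multi-line `setUser({...})` calls and inputs whose attributes are spread from props are not missed.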
Example report

```text
Summary: 3 issues (1 high, 2 medium)
Top fix: Add data-userplane-blur to the SSN input in src/components/ProfileForm.tsx

## High
- src/components/ProfileForm.tsx:28 — <input name="ssn"> missing blur attribute
+ <input name="ssn" data-userplane-blur />

## Medium
- src/hooks/useAuth.ts:45 — setUser passes raw email address
- setUser({ email: user.email, name: user.name })
+ setUser({ id: user.id, name: user.name })

- next.config.js:22 — CSP missing frame-src for Stripe
- frame-src 'self' *.userplane.io
+ frame-src 'self' *.userplane.io *.stripe.com
```
Example prompts
We're preparing for a SOC 2 audit. Check if our Userplane integration leaks any PII into recordings.
Scan the checkout flow for privacy issues. We use Stripe Elements and want to make sure card details are blurred.
Are there any setMetadata calls that pass raw email addresses? We should only be sending user IDs.