Detecting if the embedded data is from a boarding pass is not difficult, nor is parsing it[0] and displaying it in a human-friendly format to "prove" that it's probably sensitive ("The boarding pass you posted belongs to John Smith and contains their American Airlines frequent flyer number. Are you sure you want to share this?")
[0] https://www.iata.org/whatwedo/stb/Documents/BCBP-Implementat...