Solved, I think (correct me if I’m wrong). Leaving it up for people with a similar issue.
For some reason, if you forget to switch the pre-selected category of "password" in the according drop-down to "PIN", a short numerical PIN is instantly flagged as compromised. Switching to "PIN" category removed the warning.
A bit confusing, as the displayed warning does not indicate this scenario as part of the security check or potential cause for the warning, but rather only points to "online exposed passwords".