guidance

Advice-oriented guidance rules that are useful, but intentionally not part of the core security baseline.

Advice-oriented maintenance and authoring review.

Explicitly turns on this rule set.

Coverage

Covered Rules

SEC353Copilot instructions: exceeds 4000 charsGitHub Copilot instruction markdown exceeds the 4000-character guidance limitguidancequalitymarkdown

SEC354Copilot instructions: missing `applyTo`Path-specific GitHub Copilot instruction markdown is missing `applyTo` frontmatterguidancequalitymarkdown

SEC355AI markdown: wildcard tool grantAI-native markdown frontmatter grants wildcard tool accessguidancehardeningmarkdown

SEC356Plugin agent: `permissionMode` in frontmatterPlugin agent frontmatter sets `permissionMode`guidancequalitymarkdown

SEC357Plugin agent: `hooks` in frontmatterPlugin agent frontmatter sets `hooks`guidancequalitymarkdown

SEC358Plugin agent: `mcpServers` in frontmatterPlugin agent frontmatter sets `mcpServers`guidancequalitymarkdown

SEC359Cursor rule: `alwaysApply` typeCursor rule frontmatter `alwaysApply` must be booleanguidancequalitymarkdown

SEC360Cursor rule: `globs` typeCursor rule frontmatter `globs` must be a sequence of patternsguidancequalitymarkdown

SEC370Copilot instructions: wrong path-specific suffixPath-specific GitHub Copilot instruction markdown under `.github/instructions/` uses the wrong file suffixguidancequalitymarkdown

SEC371Copilot instructions: invalid `applyTo` shapePath-specific GitHub Copilot instruction markdown has an invalid `applyTo` shapeguidancequalitymarkdown

SEC377Copilot instructions: invalid `applyTo` globPath-specific GitHub Copilot instruction markdown has an invalid `applyTo` glob patternguidancequalitymarkdown

SEC378Cursor rule: redundant `globs` with `alwaysApply`Cursor rule frontmatter should not set `globs` when `alwaysApply` is `true`guidancequalitymarkdown

SEC379Cursor rule: unknown frontmatter keyCursor rule frontmatter contains an unknown keyguidancequalitymarkdown

SEC380Cursor rule: missing `description`Cursor rule frontmatter should include `description`guidancequalitymarkdown

SEC416AI markdown: Claude bare pip installAI-native markdown models Claude package installation with bare `pip install` despite explicit `uv` preference guidanceguidancequalitymarkdown

What This Preset Enables

The guidance preset enables advice-oriented rules that are useful, but intentionally not part of the core security baseline.

Typical examples include:

Copilot instruction layout and applyTo contract checks
Claude transcript consistency when a document explicitly prefers uv over bare pip install
Cursor rule frontmatter hygiene and maintainability checks
plugin-agent frontmatter boundary checks
least-privilege advice such as wildcard tool grants in shared AI-native markdown

When To Use It

Use it when you want product guidance such as Copilot instruction layout checks, Claude package-manager consistency checks, Cursor rule contract checks, or plugin-frontmatter boundary checks without turning those checks into headline security findings.

Tradeoffs

These checks are intentionally advisory and should not be confused with the main trust-surface security contract.

guidance

Covered Rules

What This Preset Enables ​

When To Use It ​

Tradeoffs ​

What This Preset Enables

When To Use It

Tradeoffs