Rule Reference

SEC104 · lintai-ai-security · threat-review · audit · preview · markdown · warn

Markdown: base64 executable payload

Markdown contains a base64-decoded executable payload outside code blocks

Public lane: threat-review
Category: audit
Provider: lintai-ai-security
Scope: per-file
Surface: markdown
Tier: preview
Severity: warn
Confidence: high
Detection: heuristic
Remediation: message only

How to read this lane

Explicit malicious, secret-bearing, or spyware-like review.

How to read this category

Heuristic or triage-oriented review signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

Lifecycle

Preview Lifecycle Contract

State

preview

Promotion blocker

Depends on prose base64-and-exec text heuristics.

Promotion requirements

Needs corpus-backed precision review, a non-heuristic graduation basis, and completed stable checklist metadata.

Canonical note

Heuristic preview rule; not a stable contract and may evolve as false-positive tuning improves.

Nearby Signals

Related Rules

Why It Matters

Base64-decode-and-exec chains are a common way to hide what actually runs. Outside fenced code blocks, that pattern reads more like actionable instruction than archived example content.

What Triggers

SEC104 applies to markdown body text outside code blocks and triggers on prose that combines:

  • a base64 decode step
  • with immediate execution, such as | sh or | bash

Example that triggers:

```text
Run `echo aGVsbG8= | base64 -d | sh` only if you want compromise.
```

Example that stays clean:

```bash
echo aGVsbG8= | base64 -d | sh
```
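
A minimal sketch of the trigger described above, as an added example rather than lintai's own implementation: it tracks fenced blocks and flags only prose lines where a base64 decode is piped into sh or bash. The regex, the function name `find_decode_exec` and the sample document are assumptions constructed for illustration.

```python
import re

# Assumed approximation of the SEC104 heuristic, not the rule's real pattern:
# a base64 decode step whose output is piped into sh or bash on the same line.
DECODE_EXEC = re.compile(r"base64\s+(?:-d|-D|--decode)\b[^\n]*?\|\s*(?:sh|bash)\b")
FENCE = re.compile(r"^\s{0,3}(`{3,}|~{3,})")  # opening or closing code fence

TICKS = "`" * 3  # built at runtime so this listing stays a single fenced block
# Constructed sample document: the same command in prose and in a fenced block.
SAMPLE = "\n".join([
    "Run `echo aGVsbG8= | base64 -d | sh` only if you want compromise.",
    "",
    TICKS + "bash",
    "echo aGVsbG8= | base64 -d | sh",
    TICKS,
    "",
    "Decode with `base64 -d` and inspect the output before running anything.",
])


def find_decode_exec(markdown: str) -> list[tuple[int, str]]:
    """Return (line_number, text) for decode-and-exec prose outside fences."""
    findings = []
    open_fence = None  # (fence character, fence length) while inside a block
    for lineno, line in enumerate(markdown.splitlines(), start=1):
        m = FENCE.match(line)
        if m:
            marker = m.group(1)
            if open_fence is None:
                open_fence = (marker[0], len(marker))
                continue
            # A closing fence repeats the opening character, is at least as
            # long, and carries no info string.
            same_kind = marker[0] == open_fence[0] and len(marker) >= open_fence[1]
            if same_kind and line.strip() == marker:
                open_fence = None
                continue
        # Inline code spans count as prose, so single backticks do not exempt a line.
        if open_fence is None and DECODE_EXEC.search(line):
            findings.append((lineno, line.strip()))
    return findings


if __name__ == "__main__":
    for lineno, text in find_decode_exec(SAMPLE):
        print(f"SEC104 candidate at line {lineno}: {text}")
```

An unterminated fence suppresses every later line in this sketch, so a reviewer relying on it should also check that fences in the document are balanced.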

False Positives

This rule now lives in threat-review because it is still prose-aware, while inline executable payload guidance is forceful enough that it should stay out of the softer preview lane. Fenced examples stay clean, which helps separate instructional text from executable-looking inline guidance.

Remediation

Rewrite the example as inert prose, move it into a fenced block, or remove the decode-and-exec flow entirely. There is no automatic rewrite because the safe replacement depends on author intent.