lintai docs

Appearance

Rule Reference

SEC312lintai-ai-securitythreat-reviewsecuritystablemarkdownwarn

Markdown: private key material

Markdown contains committed private key material

Public lane
threat-review
Category
security
Provider
lintai-ai-security
Scope
per-file
Surface
markdown
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message only
How to read this lane

Explicit malicious, secret-bearing, or spyware-like review.

How to read this category

Strong exploit, secret, or unsafe-execution signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

threat-reviewsidecar lane
skillssurface preset

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Matches explicit committed private-key PEM markers inside agent markdown surfaces.

Deterministic signal basis

MarkdownSignals private-key marker observation across parsed markdown regions excluding placeholder examples.

Malicious corpus
skill-private-key-pem
Benign corpus
skill-public-key-pem-safe
structured evidence required remediation reviewed
Canonical note

Structural stable rule positioned as an explicit threat-review control: high-signal malicious, credential-bearing, or spyware-like behavior that stays opt-in rather than shaping the quiet default.

Nearby Signals

Related Rules

SEC101HTML comment: dangerous instructionsHidden HTML comment contains dangerous agent instructionsthreat-reviewauditmarkdown
SEC102Markdown: remote execution instructionMarkdown contains remote download-and-execute instruction outside code blocksthreat-reviewauditmarkdown
SEC103HTML comment: remote execution instructionHidden HTML comment contains remote download-and-execute instructionthreat-reviewauditmarkdown
SEC104Markdown: base64 executable payloadMarkdown contains a base64-decoded executable payload outside code blocksthreat-reviewauditmarkdown
SEC105Markdown: parent-directory file accessMarkdown instructions reference parent-directory traversal for file accessthreat-reviewauditmarkdown
SEC313Shell example: remote content piped to shellFenced shell example pipes remote content directly into a shellthreat-reviewauditmarkdown

Why It Matters

SEC312 flags markdown that contains committed private key material in PEM form.

Unlike general secret-pattern heuristics, this rule looks for real PEM private-key markers. That makes it a much stronger signal that sensitive key material has been committed into documentation or examples.

What Triggers

SEC312 triggers when markdown contains a PEM-style private key marker such as:

  • -----BEGIN RSA PRIVATE KEY-----
  • -----BEGIN OPENSSH PRIVATE KEY-----
  • -----BEGIN EC PRIVATE KEY-----
  • -----BEGIN PRIVATE KEY-----

Example that triggers:

pem
-----BEGIN OPENSSH PRIVATE KEY-----
...
-----END OPENSSH PRIVATE KEY-----

Examples that stay clean:

  • public key PEM blocks such as -----BEGIN PUBLIC KEY-----
  • search-string literals like memory search "BEGIN RSA PRIVATE KEY"
  • obviously redacted placeholders such as example private key

False Positives

This is one of the cleaner markdown security signals because it requires a real PEM private-key marker instead of a generic substring. Recent fixes explicitly stopped matching search-string literals like "BEGIN RSA PRIVATE KEY" without PEM framing.

This rule now lives in threat-review because committed private key material is high-signal and serious, but it should stay in an explicit credential-bearing review lane instead of defining the softer preview experience for markdown.

Remediation

Remove the private key from the repository, rotate the affected credential if it was real, and replace the example with a redacted placeholder or non-sensitive public material.