
Rule Reference

SEC313

Tags: lintai-ai-security, threat-review, audit, preview, markdown, warn

Shell example: remote content piped to shell

Fenced shell example pipes remote content directly into a shell

Public lane: threat-review
Category: audit
Provider: lintai-ai-security
Scope: per-file
Surface: markdown
Tier: preview
Severity: warn
Confidence: high
Detection: structural
Remediation: message only
How to read this lane

Explicit malicious, secret-bearing, or spyware-like review.

How to read this category

Heuristic or triage-oriented review signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

Lifecycle

Preview Lifecycle Contract

State

preview

Promotion blocker

Depends on fenced shell-example command heuristics and still needs broader external precision review.

Promotion requirements

Needs corpus-backed precision review, external usefulness evidence, and completed stable checklist metadata.

Canonical note

Structural preview rule; deterministic today, but the preview contract may still evolve.

Nearby Signals

Related Rules

Why It Matters

SEC313 flags fenced shell examples that pipe remote content directly into a shell, such as curl ... | sh.

This is different from SEC102: here the risky pattern appears in an explicit shell example block. That makes the intent more clearly demonstrative, but it is still copy-pastable setup guidance.

Positioning

This is a context-sensitive threat-review rule. It is more precise than prose-only download-exec guidance, but fenced examples in docs can still be intentionally educational rather than operationally endorsed.

What Triggers

SEC313 applies to fenced bash, sh, shell, or zsh blocks. It triggers when a line inside the fenced block contains a remote download-and-execute pattern.

Example that triggers:

```bash
curl -L https://example.test/install.sh | sh
```

Examples that stay clean:

  • the same text outside a fenced shell block
  • fenced blocks that do not pipe remote content into a shell
  • non-shell fenced blocks such as generic text or JSON examples

False Positives

This rule lives in threat-review because fenced shell examples in docs can be intentionally educational, especially in setup guides and training repos, yet a direct pipe of remote content into a shell is too strong a signal for the softer preview lane. The finding is useful as a hardening signal, but it is guidance-first rather than proof of a bad runtime configuration: it says the document recommends a risky install flow, not that any system has run it.

Remediation

Prefer a reviewed install flow that downloads the script to a file first, verifies its provenance (a pinned checksum or a signature published out of band) before executing it, or uses a published package manager path, instead of piping remote content straight into a shell. The remediation is message only: the rule reports the finding and does not rewrite the example.
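The structural check described under What Triggers, together with the download-to-file flow recommended under Remediation, as an added example that is not lintai's own implementation: a small Python scanner walks the fenced blocks of a constructed markdown sample, flags download-and-execute lines only inside bash, sh, shell or zsh fences, and leaves prose mentions, non-shell fences and a remediated three-step install block untouched. The page names only `curl ... | sh`; the wget fetcher, the sudo/env prefixes, the extra shell names, the fence grammar and the sample document are assumptions made for this example.

```python
import re

# Fence info-string tags the page says SEC313 applies to.
SHELL_LANGS = {"bash", "sh", "shell", "zsh"}

# Remote fetchers and shell interpreters. Only "curl ... | sh" is named on the
# page; wget, the sudo/env prefixes and the other shells are assumptions here.
FETCHER = r"\b(?:curl|wget)\b"
SHELL = r"(?:sh|bash|zsh|dash|ksh)(?![\w.-])"

# Flag a line when a fetcher precedes a pipe whose right-hand command is a
# shell, optionally behind sudo (with flags) or env. "shasum", "sha256sum" and
# similar do not match because of the negative lookahead after the shell name.
DOWNLOAD_EXEC = re.compile(
    FETCHER + r"[^|]*\|\s*(?:sudo\s+(?:-\S+\s+)*)?(?:env\s+(?:\S+=\S*\s+)*)?" + SHELL
)

# Opening or closing fence: up to 3 spaces of indent, 3+ backticks or tildes,
# then an optional info string whose first word is the language tag.
FENCE = re.compile(r"^ {0,3}(`{3,}|~{3,})[ \t]*([\w+.-]*)")


def scan_markdown(text: str) -> list[dict]:
    """Return SEC313-style findings for every download-and-execute line that
    sits inside a fenced shell block. Lines outside fences, inside non-shell
    fences, or without a remote-pipe-to-shell pattern are ignored."""
    findings = []
    in_block = False
    fence_char = ""
    fence_len = 0
    lang = ""
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = FENCE.match(line)
        if not in_block:
            if m:
                in_block = True
                fence_char, fence_len = m.group(1)[0], len(m.group(1))
                lang = m.group(2).lower()
            continue
        # A closing fence uses the same character, is at least as long, and
        # carries no info string; anything else is block content.
        if m and m.group(1)[0] == fence_char and len(m.group(1)) >= fence_len and not m.group(2):
            in_block = False
            continue
        if lang in SHELL_LANGS and DOWNLOAD_EXEC.search(line):
            findings.append({
                "rule": "SEC313",
                "line": lineno,
                "lang": lang,
                "text": line.strip(),
                "message": "fenced shell example pipes remote content directly into a shell",
            })
    return findings


# Constructed sample document (not a real project). Tilde fences are used so
# the sample can live inside this code block; the scanner accepts both styles.
# Lines 6 and 12 should be flagged; the prose mention on line 9, the
# remediated download/verify/run block and the JSON block should stay clean.
SAMPLE_DOC = """\
# Setup guide (constructed sample, not a real project)

Quick install:

~~~bash
curl -L https://example.test/install.sh | sh
~~~

Prose mention of curl -L https://example.test/install.sh | sh is not flagged.

~~~sh
wget -qO- https://example.test/install.sh | sudo -E bash -s -- --prefix=/opt
~~~

~~~bash
curl -fsSLo install.sh https://example.test/install.sh
sha256sum -c install.sh.sha256
sh ./install.sh
~~~

~~~json
{"cmd": "curl https://example.test/x | sh"}
~~~
"""


if __name__ == "__main__":
    for f in scan_markdown(SAMPLE_DOC):
        print(f"{f['rule']} line {f['line']} [{f['lang']}]: {f['text']}")
```

The fetcher-before-pipe regex only matches a pipe that feeds a shell directly, so `curl ... | grep ... | sh` is not reported; that keeps the check close to the "directly into a shell" wording but is a deliberate narrowness to widen if your corpus shows that variant. The remediated block in the sample is the shape the Remediation section asks for: a download to a file, a checksum check against a digest the maintainer published, and only then a separate invocation of the script.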