
Rule Reference

SEC335 | lintai-ai-security | threat-review | audit | preview | markdown | warn

AI markdown: metadata-service access

AI-native markdown contains a direct cloud metadata-service access example

Public lane: threat-review
Category: audit
Provider: lintai-ai-security
Scope: per-file
Surface: markdown
Tier: preview
Severity: warn
Confidence: high
Detection: structural
Remediation: message only

How to read this lane

Explicit malicious, secret-bearing, or spyware-like review.

How to read this category

Heuristic or triage-oriented review signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

Lifecycle

Preview Lifecycle Contract

State

preview

Promotion blocker

Metadata-service access examples are strong threat-review signals, but labs and cloud-security training content can still reference them legitimately.

Promotion requirements

Needs corpus-backed precision review, external usefulness evidence, and completed stable checklist metadata.

Canonical note

Structural preview rule; deterministic today, but the preview contract may still evolve.

Nearby Signals

Related Rules

Why It Matters

SEC335 flags AI-native markdown that contains a direct cloud metadata-service access example such as curl http://169.254.169.254/....

Metadata-service endpoints expose environment-specific instance data and credentials in many cloud deployments. In shared AI-native docs, direct access examples are easy to copy into environments where that access is far more sensitive than the document implies.

Positioning

This is a context-sensitive threat-review rule. The detector is structural and points at real credential-exposure or cloud-instance reconnaissance patterns, but cloud security labs, incident-response notes, and SSRF training material can legitimately show the same endpoints.

What Triggers

SEC335 applies to AI-native markdown and triggers when the same parsed line contains:

  • a literal metadata-service endpoint such as 169.254.169.254 or metadata.google.internal
  • and an execution marker such as curl, wget, or Invoke-WebRequest

Examples that trigger:

```text
curl http://169.254.169.254/latest/meta-data/
```

```powershell
Invoke-WebRequest http://metadata.google.internal/computeMetadata/v1/
```

Examples that stay clean:

  • generic SSRF deny-list prose without a command marker
  • generic mentions of internal metadata services without a literal metadata endpoint
  • AI-native markdown without a matching request example
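
The same-line condition described above can be sketched as follows. This is an added example, not lintai's own code: the function names, the whole-token matching of command markers, and the treatment of raw lines as "parsed lines" are assumptions, and the sample document is constructed.

```python
import re

# Endpoint literals and command markers named in the rule text above.
# The rule says "such as", so the real lists may be longer (assumption).
METADATA_ENDPOINTS = ("169.254.169.254", "metadata.google.internal")
EXEC_MARKERS = ("curl", "wget", "invoke-webrequest")

# Assumption: a marker counts only as a whole token, so "curly" is ignored.
_MARKER_RE = re.compile(
    r"(?<![\w-])(?:" + "|".join(re.escape(m) for m in EXEC_MARKERS) + r")(?![\w-])",
    re.IGNORECASE,
)


def line_triggers(line: str) -> bool:
    """True when one line holds both an endpoint literal and a command marker."""
    lowered = line.lower()
    has_endpoint = any(e in lowered for e in METADATA_ENDPOINTS)
    return has_endpoint and _MARKER_RE.search(line) is not None


def scan_markdown(text: str) -> list[tuple[int, str]]:
    """Return (1-based line number, stripped line) for every triggering line."""
    return [
        (n, line.strip())
        for n, line in enumerate(text.splitlines(), start=1)
        if line_triggers(line)
    ]


# Constructed sample document, not taken from any real repository.
SAMPLE = """\
# Agent setup notes
Block SSRF to 169.254.169.254 at the egress proxy.
Never let the agent run curl against internal metadata services.
curl http://169.254.169.254/latest/meta-data/
Invoke-WebRequest http://metadata.google.internal/computeMetadata/v1/
Use curl to fetch the release notes,
then deny 169.254.169.254 in the firewall.
"""

if __name__ == "__main__":
    for lineno, content in scan_markdown(SAMPLE):
        print(f"SEC335 candidate at line {lineno}: {content}")
```

Deny-list prose, a command with no literal endpoint, and a marker and endpoint split across two lines all stay clean here, matching the "stay clean" cases listed above.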

False Positives

This rule stays in threat-review because security training, cloud forensics, and offensive-security material often reference metadata-service access intentionally. The detector is still valuable, but the finding should be interpreted as "this document teaches direct metadata access" rather than a claim that the repository itself is misconfigured.

Remediation

If the example is not essential, remove the direct metadata request. If the example is intentionally instructional, keep explicit risk framing and isolation guidance nearby so the reader understands that this is a sensitive cloud endpoint rather than a normal setup dependency.