Rule Reference

SEC430lintai-ai-securitygovernancehardeningstablemarkdownwarn

AI markdown: unsafe Edit path grant

AI-native markdown frontmatter grants `Edit(...)` over an unsafe repo-external path

Public lane: governance
Category: hardening
Provider: lintai-ai-security
Scope: per-file
Surface: markdown
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message only

How to read this lane

Shared authority and workflow policy review.

How to read this category

Least-privilege, provenance, or operational hygiene signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

governancesidecar lane

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Checks AI-native frontmatter for `Edit(...)` grants scoped to absolute, home-relative, drive-letter, or parent-traversing paths outside the repository boundary.

Deterministic signal basis

MarkdownSignals exact frontmatter token analysis for `Edit(...)` scopes with absolute, home-relative, drive-letter, or parent-traversing path markers.

Malicious corpus

skill-edit-unsafe-path-allowed-tools

Benign corpus

skill-edit-unsafe-path-allowed-tools-specific-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC352AI markdown: unscoped Bash tool grantAI-native markdown frontmatter grants unscoped Bash tool accessgovernancehardeningmarkdown

SEC423AI markdown: bare Read tool grantAI-native markdown frontmatter grants bare `Read` tool accessgovernancehardeningmarkdown

SEC424AI markdown: bare Write tool grantAI-native markdown frontmatter grants bare `Write` tool accessgovernancehardeningmarkdown

SEC425AI markdown: bare Edit tool grantAI-native markdown frontmatter grants bare `Edit` tool accessgovernancehardeningmarkdown

SEC426AI markdown: bare Glob tool grantAI-native markdown frontmatter grants bare `Glob` tool accessgovernancehardeningmarkdown

SEC427AI markdown: bare Grep tool grantAI-native markdown frontmatter grants bare `Grep` tool accessgovernancehardeningmarkdown

SEC430 / MD-EDIT-UNSAFE-PATH

SEC430 flags AI-native markdown frontmatter when allowed-tools or allowed_tools grants Edit(...) over an absolute path, home-relative path, Windows drive path, or parent-traversing path.

Why It Matters

Shared instruction frontmatter should not silently authorize edits outside the repository scope. Repo-external or parent-traversing Edit(...) grants weaken reviewability and make workspace boundaries unclear.

Trigger Shape

AI-native markdown surface with parsed frontmatter
path is not fixture-like
allowed-tools or allowed_tools contains Edit(...)
the inner path starts with /, ~/, ~\\, a Windows drive prefix, or contains ../ or ..\\

Clean Cases

repo-local scopes such as Edit(./docs/**)
frontmatter without Edit(...)
fixture-like examples under test or fixture paths

Example Trigger

---
allowed-tools: Edit(~/workspace/**), Read(./docs/**)
---

Safer Example

---
allowed-tools: Edit(./docs/**), Read(./docs/**)
---

How To Fix

Replace repo-external Edit(...) grants with narrower repo-local scopes, or remove shared edit authority outside the project boundary.

AI markdown: unsafe Edit path grant

Preset Activation

Stable Lifecycle Contract

Related Rules

SEC430 / MD-EDIT-UNSAFE-PATH ​

Why It Matters ​

Trigger Shape ​

Clean Cases ​

Example Trigger ​

Safer Example ​

How To Fix ​