Rule Reference

SEC463lintai-ai-securitygovernancehardeningstablemarkdownwarn

AI markdown: `Bash(sudo:*)` tool grant

AI-native markdown frontmatter grants `Bash(sudo:*)` authority

Public lane: governance
Category: hardening
Provider: lintai-ai-security
Scope: per-file
Surface: markdown
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message only

How to read this lane

Shared authority and workflow policy review.

How to read this category

Least-privilege, provenance, or operational hygiene signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

governancesidecar lane

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Checks AI-native frontmatter for explicit wildcard sudo grants in shared allowed-tools policy.

Deterministic signal basis

MarkdownSignals exact frontmatter token detection for `Bash(sudo:*)` inside allowed-tools or allowed_tools.

Malicious corpus

skill-sudo-allowed-tools

Benign corpus

skill-sudo-allowed-tools-specific-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC352AI markdown: unscoped Bash tool grantAI-native markdown frontmatter grants unscoped Bash tool accessgovernancehardeningmarkdown

SEC423AI markdown: bare Read tool grantAI-native markdown frontmatter grants bare `Read` tool accessgovernancehardeningmarkdown

SEC424AI markdown: bare Write tool grantAI-native markdown frontmatter grants bare `Write` tool accessgovernancehardeningmarkdown

SEC425AI markdown: bare Edit tool grantAI-native markdown frontmatter grants bare `Edit` tool accessgovernancehardeningmarkdown

SEC426AI markdown: bare Glob tool grantAI-native markdown frontmatter grants bare `Glob` tool accessgovernancehardeningmarkdown

SEC427AI markdown: bare Grep tool grantAI-native markdown frontmatter grants bare `Grep` tool accessgovernancehardeningmarkdown

SEC463 / MD-SUDO-ALLOWED-TOOLS

SEC463 flags AI-native markdown when shared frontmatter grants exact Bash(sudo:*) authority through allowed-tools or allowed_tools.

Why It Matters

Bash(sudo:*) gives shared instructions blanket privilege-escalation authority. In AI-native frontmatter, that turns privileged execution into a default team-wide capability instead of a reviewed narrow workflow.

What Triggers It

AI-native markdown surface with frontmatter
allowed-tools or allowed_tools contains exact Bash(sudo:*)

The finding points to the exact frontmatter token.

What Does Not Trigger It

more specific reviewed commands such as Bash(sudo apt-get update)
fixture-like frontmatter paths used only for tests
frontmatter without Bash(sudo:*)

Example

Bad:

yaml

allowed-tools: Bash(sudo:*), Read

Better:

yaml

allowed-tools: Bash(sudo apt-get update), Read

Remediation

Review whether shared Bash(sudo:*) access is really needed. Prefer a narrower reviewed privileged workflow instead of a blanket team-wide sudo grant.

AI markdown: `Bash(sudo:*)` tool grant

Preset Activation

Stable Lifecycle Contract

Related Rules

SEC463 / MD-SUDO-ALLOWED-TOOLS ​

Why It Matters ​

What Triggers It ​

What Does Not Trigger It ​

Example ​