Rule Reference

SEC519lintai-ai-securitygovernancehardeningstablemarkdownwarn

AI markdown: shared gh workflow disable tool grant

AI-native markdown frontmatter grants `Bash(gh workflow disable:*)` tool access

Public lane: governance
Category: hardening
Provider: lintai-ai-security
Scope: per-file
Surface: markdown
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message only

How to read this lane

Shared authority and workflow policy review.

How to read this category

Least-privilege, provenance, or operational hygiene signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

governancesidecar lane

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Checks AI-native markdown frontmatter for exact GitHub workflow disable authority through `allowed-tools`.

Deterministic signal basis

MarkdownSignals exact frontmatter string detection for `Bash(gh workflow disable:*)` in allowed-tools entries.

Malicious corpus

skill-gh-mutation-allowed-tools

Benign corpus

skill-gh-mutation-specific-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC352AI markdown: unscoped Bash tool grantAI-native markdown frontmatter grants unscoped Bash tool accessgovernancehardeningmarkdown

SEC423AI markdown: bare Read tool grantAI-native markdown frontmatter grants bare `Read` tool accessgovernancehardeningmarkdown

SEC424AI markdown: bare Write tool grantAI-native markdown frontmatter grants bare `Write` tool accessgovernancehardeningmarkdown

SEC425AI markdown: bare Edit tool grantAI-native markdown frontmatter grants bare `Edit` tool accessgovernancehardeningmarkdown

SEC426AI markdown: bare Glob tool grantAI-native markdown frontmatter grants bare `Glob` tool accessgovernancehardeningmarkdown

SEC427AI markdown: bare Grep tool grantAI-native markdown frontmatter grants bare `Grep` tool accessgovernancehardeningmarkdown

SEC519 / MD-GH-WORKFLOW-DISABLE-ALLOWED-TOOLS

SEC519 flags AI-native markdown frontmatter when allowed-tools grants blanket gh workflow disable authority.

Why It Matters

gh workflow disable can turn off GitHub Actions workflows remotely. In shared AI-native markdown guidance that is broader than most teams want to advertise as default agent authority.

Trigger Shape

the file is an AI-native markdown surface
the path is not fixture-like
frontmatter allowed-tools or allowed_tools contains the exact token Bash(gh workflow disable:*)

Clean Cases

narrower inspection grants such as Bash(gh workflow view:*)
markdown surfaces without blanket workflow disabling grants
fixture-like examples under test or fixture paths

Example Trigger

yaml

---
allowed-tools:
  - Bash(gh workflow disable:*)
---

Safer Example

yaml

---
allowed-tools:
  - Bash(gh workflow view:*)
---

How To Fix

Remove shared gh workflow disable tool grants or replace them with narrower reviewed commands that keep workflow disabling under explicit user control.

AI markdown: shared gh workflow disable tool grant

Preset Activation

Stable Lifecycle Contract

Related Rules

SEC519 / MD-GH-WORKFLOW-DISABLE-ALLOWED-TOOLS ​

Why It Matters ​

Trigger Shape ​

Clean Cases ​

Example Trigger ​

Safer Example ​

How To Fix ​