lintai docs

Appearance

Rule Reference

SEC521lintai-ai-securitygovernancehardeningstablemarkdownwarn

AI markdown: `Write(*)` wildcard tool grant

AI-native markdown frontmatter grants `Write(*)` wildcard access

Public lane
governance
Category
hardening
Provider
lintai-ai-security
Scope
per-file
Surface
markdown
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message only
How to read this lane

Shared authority and workflow policy review.

How to read this category

Least-privilege, provenance, or operational hygiene signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

governancesidecar lane

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Checks AI-native frontmatter for exact `Write(*)` grants that expose unconstrained mutation as shared default policy.

Deterministic signal basis

MarkdownSignals exact frontmatter token detection for `Write(*)` inside allowed-tools or allowed_tools.

Malicious corpus
skill-core-wildcard-allowed-tools
Benign corpus
skill-core-wildcard-allowed-tools-specific-safe
structured evidence required remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC352AI markdown: unscoped Bash tool grantAI-native markdown frontmatter grants unscoped Bash tool accessgovernancehardeningmarkdown
SEC423AI markdown: bare Read tool grantAI-native markdown frontmatter grants bare `Read` tool accessgovernancehardeningmarkdown
SEC424AI markdown: bare Write tool grantAI-native markdown frontmatter grants bare `Write` tool accessgovernancehardeningmarkdown
SEC425AI markdown: bare Edit tool grantAI-native markdown frontmatter grants bare `Edit` tool accessgovernancehardeningmarkdown
SEC426AI markdown: bare Glob tool grantAI-native markdown frontmatter grants bare `Glob` tool accessgovernancehardeningmarkdown
SEC427AI markdown: bare Grep tool grantAI-native markdown frontmatter grants bare `Grep` tool accessgovernancehardeningmarkdown

SEC521 / MD-WRITE-WILDCARD

SEC521 flags AI-native markdown frontmatter when allowed-tools or allowed_tools contains the exact wildcard token Write(*).

Why It Matters

Write(*) makes open-ended file mutation part of shared policy. That is usually broader than necessary and increases the chance of unintended writes outside the intended workflow scope.

Trigger Shape

  • AI-native markdown surface with parsed frontmatter
  • path is not fixture-like
  • allowed-tools or allowed_tools contains the exact token Write(*)

Safer Example

md
---
allowed-tools:
  - Write(./artifacts/**)
---