Rule Reference

SEC532lintai-ai-securitygovernancehardeningstablemarkdownwarn

AI markdown: shared gh api PATCH tool grant

AI-native markdown frontmatter grants `Bash(gh api --method PATCH:*)` tool access

Public lane: governance
Category: hardening
Provider: lintai-ai-security
Scope: per-file
Surface: markdown
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message only

How to read this lane

Shared authority and workflow policy review.

How to read this category

Least-privilege, provenance, or operational hygiene signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

governancesidecar lane

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Checks AI-native markdown frontmatter for exact GitHub API PATCH mutation authority through `allowed-tools`.

Deterministic signal basis

MarkdownSignals exact frontmatter string detection for `Bash(gh api --method PATCH:*)` in allowed-tools entries.

Malicious corpus

skill-gh-api-patch-allowed-tools

Benign corpus

skill-gh-api-patch-allowed-tools-specific-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC352AI markdown: unscoped Bash tool grantAI-native markdown frontmatter grants unscoped Bash tool accessgovernancehardeningmarkdown

SEC423AI markdown: bare Read tool grantAI-native markdown frontmatter grants bare `Read` tool accessgovernancehardeningmarkdown

SEC424AI markdown: bare Write tool grantAI-native markdown frontmatter grants bare `Write` tool accessgovernancehardeningmarkdown

SEC425AI markdown: bare Edit tool grantAI-native markdown frontmatter grants bare `Edit` tool accessgovernancehardeningmarkdown

SEC426AI markdown: bare Glob tool grantAI-native markdown frontmatter grants bare `Glob` tool accessgovernancehardeningmarkdown

SEC427AI markdown: bare Grep tool grantAI-native markdown frontmatter grants bare `Grep` tool accessgovernancehardeningmarkdown

SEC532 / MD-GH-API-PATCH-ALLOWED-TOOLS

SEC532 flags AI-native markdown frontmatter when allowed-tools or allowed_tools grants the exact token Bash(gh api --method PATCH:*).

Why It Matters

gh api --method PATCH is a broad GitHub mutation path. Shared frontmatter should not quietly make remote PATCH mutations a default capability for every agent that loads the file.

Trigger Shape

AI-native markdown surface with parsed frontmatter
path is not fixture-like
allowed-tools or allowed_tools contains the exact token Bash(gh api --method PATCH:*)

Safer Example

---
allowed-tools:
  - Bash(gh api --method GET:*)
---

AI markdown: shared gh api PATCH tool grant

Preset Activation

Stable Lifecycle Contract

Related Rules

SEC532 / MD-GH-API-PATCH-ALLOWED-TOOLS ​

Why It Matters ​

Trigger Shape ​

Safer Example ​

SEC532 / MD-GH-API-PATCH-ALLOWED-TOOLS

Why It Matters

Trigger Shape

Safer Example