Rule Reference

SEC545lintai-ai-securitygovernancehardeningstablemarkdownwarn

AI markdown: shared gh release upload tool grant

AI-native markdown frontmatter grants `Bash(gh release upload:*)` tool access

Public lane: governance
Category: hardening
Provider: lintai-ai-security
Scope: per-file
Surface: markdown
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message only

How to read this lane

Shared authority and workflow policy review.

How to read this category

Least-privilege, provenance, or operational hygiene signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

governancesidecar lane

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Checks AI-native markdown frontmatter for exact GitHub release asset upload authority through `allowed-tools`.

Deterministic signal basis

MarkdownSignals exact frontmatter string detection for `Bash(gh release upload:*)` in allowed-tools entries.

Malicious corpus

skill-gh-repo-transfer-release-upload-allowed-tools

Benign corpus

skill-gh-repo-transfer-release-upload-specific-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC352AI markdown: unscoped Bash tool grantAI-native markdown frontmatter grants unscoped Bash tool accessgovernancehardeningmarkdown

SEC423AI markdown: bare Read tool grantAI-native markdown frontmatter grants bare `Read` tool accessgovernancehardeningmarkdown

SEC424AI markdown: bare Write tool grantAI-native markdown frontmatter grants bare `Write` tool accessgovernancehardeningmarkdown

SEC425AI markdown: bare Edit tool grantAI-native markdown frontmatter grants bare `Edit` tool accessgovernancehardeningmarkdown

SEC426AI markdown: bare Glob tool grantAI-native markdown frontmatter grants bare `Glob` tool accessgovernancehardeningmarkdown

SEC427AI markdown: bare Grep tool grantAI-native markdown frontmatter grants bare `Grep` tool accessgovernancehardeningmarkdown

SEC545 / MD-GH-RELEASE-UPLOAD-ALLOWED-TOOLS

SEC545 flags AI-native markdown frontmatter when allowed-tools or allowed_tools grants blanket GitHub release asset upload authority through gh release upload.

Why It Matters

gh release upload can add or replace release assets in distribution channels. In shared skills or instruction frontmatter that is broader than most teams want to delegate by default.

Trigger Shape

the file is a detected AI-native markdown instruction surface
the path is not fixture-like
frontmatter allowed-tools or allowed_tools contains the exact token Bash(gh release upload:*)

Clean Cases

narrower read-only grants such as Bash(gh release view:*)
frontmatter without blanket release upload access
fixture-like examples under test or fixture paths

Example Trigger

yaml

---
allowed-tools: Bash(gh release upload:*), Read
---

Safer Example

yaml

---
allowed-tools: Bash(gh release view:*), Read
---

How To Fix

Remove shared gh release upload tool grants or replace them with narrower reviewed commands that keep release asset mutation under explicit user control.

AI markdown: shared gh release upload tool grant

Preset Activation

Stable Lifecycle Contract

Related Rules

SEC545 / MD-GH-RELEASE-UPLOAD-ALLOWED-TOOLS ​

Why It Matters ​

Trigger Shape ​

Clean Cases ​

Example Trigger ​

Safer Example ​

How To Fix ​