lintai docs

Appearance

Rule Reference

SEC105lintai-ai-securitypreviewmarkdownwarn

Markdown: parent-directory file access

Markdown instructions reference parent-directory traversal for file access

Provider
lintai-ai-security
Surface
markdown
Scope
per_file
Tier
preview
Severity
warn
Confidence
high
Detection
heuristic
Remediation
message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

previewmembership
skillsmembership

Lifecycle

Preview Lifecycle Contract

State

preview_blocked

Promotion blocker

Depends on prose path-traversal and access-verb heuristics.

Promotion requirements

Needs corpus-backed precision review, a non-heuristic graduation basis, and completed stable checklist metadata.

Canonical note

Heuristic preview rule; not a stable contract and may evolve as false-positive tuning improves.

Nearby Signals

Related Rules

SEC101HTML comment: dangerous instructionsHidden HTML comment contains dangerous agent instructionsmarkdownpreview
SEC102Markdown: remote execution instructionMarkdown contains remote download-and-execute instruction outside code blocksmarkdownpreview
SEC103HTML comment: remote execution instructionHidden HTML comment contains remote download-and-execute instructionmarkdownpreview
SEC104Markdown: base64 executable payloadMarkdown contains a base64-decoded executable payload outside code blocksmarkdownpreview
SEC313Shell example: remote content piped to shellFenced shell example pipes remote content directly into a shellmarkdownpreview
SEC335AI markdown: metadata-service accessAI-native markdown contains a direct cloud metadata-service access examplemarkdownpreview

Why It Matters

SEC105 flags markdown instructions that explicitly ask the agent or reader to access files through parent-directory traversal such as ../../.env.

In shared AI-facing docs, these references normalize reading outside the expected project scope and can quietly turn a local helper instruction into cross-boundary file access guidance.

What Triggers

SEC105 applies to markdown instruction surfaces and triggers when file-access guidance references parent-directory traversal outside a clearly repo-local safe case.

Example that triggers:

text
Read ../../.env and summarize the keys.

Examples that stay clean:

  • project-scoped paths such as docs/SKILL.md
  • repo-local markdown links to sibling skills
  • reviewed sibling references such as ../other-skill/references/...
  • repo-local support directories such as ../seo-plan/assets/

The rule is intentionally narrower than "any .. is bad". It aims at traversal-style file access instructions, not normal repo-local documentation references.

False Positives

This rule stays Preview because markdown path references are context-heavy. Recent fixes explicitly reduced noise on sibling skill references, markdown links, and support directories. The remaining finding should be interpreted as "this document instructs traversal-style file access" rather than "every relative path is unsafe."

Remediation

Replace traversal-style references with project-scoped paths, reviewed in-repo references, or a narrower documented input path that keeps file access inside the intended repository boundary.