lintai docs

Appearance

Rule Reference

SEC358lintai-ai-securitypreviewmarkdownwarn

Plugin agent: `mcpServers` in frontmatter

Plugin agent frontmatter sets `mcpServers`

Provider
lintai-ai-security
Surface
markdown
Scope
per_file
Tier
preview
Severity
warn
Confidence
high
Detection
structural
Remediation
message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

previewmembership
skillsmembership

Lifecycle

Preview Lifecycle Contract

State

preview_blocked

Promotion blocker

Plugin agent frontmatter can still include unsupported MCP server experiments, so the first release stays spec-guidance-only.

Promotion requirements

Needs corpus-backed precision review, external usefulness evidence, and completed stable checklist metadata.

Canonical note

Structural preview rule; deterministic today, but the preview contract may still evolve.

Nearby Signals

Related Rules

SEC101HTML comment: dangerous instructionsHidden HTML comment contains dangerous agent instructionsmarkdownpreview
SEC102Markdown: remote execution instructionMarkdown contains remote download-and-execute instruction outside code blocksmarkdownpreview
SEC103HTML comment: remote execution instructionHidden HTML comment contains remote download-and-execute instructionmarkdownpreview
SEC104Markdown: base64 executable payloadMarkdown contains a base64-decoded executable payload outside code blocksmarkdownpreview
SEC105Markdown: parent-directory file accessMarkdown instructions reference parent-directory traversal for file accessmarkdownpreview
SEC313Shell example: remote content piped to shellFenced shell example pipes remote content directly into a shellmarkdownpreview

Why It Matters

SEC358 flags plugin agent markdown whose frontmatter sets mcpServers.

This is useful because:

  • plugin agent content should not silently become MCP client wiring
  • it separates agent behavior from server configuration and trust policy
  • it aligns with a cleaner review boundary for shared plugin artifacts

What Triggers

This rule applies only to plugin agent markdown surfaces and triggers on parsed frontmatter that contains the exact key:

  • mcpServers

Example that triggers:

yaml
---
mcpServers:
  demo:
    command: npx
---

Examples that stay clean:

  • plugin agents without mcpServers in frontmatter
  • fixture-like paths under tests/, fixtures/, examples/, or samples/
  • ordinary instructions and skills outside plugin-agent surfaces

False Positives

This rule stays Preview because some repos may still document unsupported MCP-server experiments inside agent files. The signal is meant as structural guidance for cleaner boundaries and easier review.

Remediation

Remove mcpServers from plugin agent frontmatter and define MCP servers in plugin or client configuration instead.