Rule Reference

SEC431lintai-ai-securitystablemarkdownwarn

AI markdown: unsafe Glob path grant

AI-native markdown frontmatter grants `Glob(...)` over an unsafe repo-external path

Provider: lintai-ai-security
Surface: markdown
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

previewmembership

skillsmembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks AI-native frontmatter for `Glob(...)` grants scoped to absolute, home-relative, drive-letter, or parent-traversing paths outside the repository boundary.

Deterministic signal basis

MarkdownSignals exact frontmatter token analysis for `Glob(...)` scopes with absolute, home-relative, drive-letter, or parent-traversing path markers.

Malicious corpus

skill-glob-unsafe-path-allowed-tools

Benign corpus

skill-glob-unsafe-path-allowed-tools-specific-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC352AI markdown: unscoped Bash tool grantAI-native markdown frontmatter grants unscoped Bash tool accessmarkdownstable

SEC417AI markdown: unpinned pip git installAI-native markdown installs Python packages from an unpinned `git+https://` sourcemarkdownstable

SEC428AI markdown: unsafe Read path grantAI-native markdown frontmatter grants `Read(...)` over an unsafe repo-external pathmarkdownstable

SEC429AI markdown: unsafe Write path grantAI-native markdown frontmatter grants `Write(...)` over an unsafe repo-external pathmarkdownstable

SEC430AI markdown: unsafe Edit path grantAI-native markdown frontmatter grants `Edit(...)` over an unsafe repo-external pathmarkdownstable

SEC432AI markdown: `Bash(git add:*)` tool grantAI-native markdown frontmatter grants `Bash(git add:*)` authoritymarkdownstable

SEC431 / MD-GLOB-UNSAFE-PATH

SEC431 flags AI-native markdown frontmatter when allowed-tools or allowed_tools grants Glob(...) over an absolute path, home-relative path, Windows drive path, or parent-traversing path.

Why It Matters

Shared frontmatter should keep file-discovery scopes inside reviewed repo-local boundaries. Repo-external or parent-traversing Glob(...) grants make discovery policy broader than the project itself.

Trigger Shape

AI-native markdown surface with parsed frontmatter
path is not fixture-like
allowed-tools or allowed_tools contains Glob(...)
the inner path starts with /, ~/, ~\\, a Windows drive prefix, or contains ../ or ..\\

Clean Cases

repo-local scopes such as Glob(./docs/**)
frontmatter without Glob(...)
fixture-like examples under test or fixture paths

Example Trigger

---
allowed-tools: Glob(/var/log/**), Read(./docs/**)
---

Safer Example

---
allowed-tools: Glob(./docs/**), Read(./docs/**)
---

How To Fix

Replace repo-external Glob(...) grants with narrower repo-local scopes, or remove shared file-discovery authority outside the project boundary.

AI markdown: unsafe Glob path grant

Preset Membership

Stable Lifecycle Contract

Related Rules

SEC431 / MD-GLOB-UNSAFE-PATH ​

Why It Matters ​

Trigger Shape ​

Clean Cases ​

Example Trigger ​

Safer Example ​

How To Fix ​