Rule Reference

AI markdown: pip http index

AI-native markdown installs Python packages from an insecure `http://` package index

Provider
lintai-ai-security
Surface
markdown
Scope
per_file
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks AI-native markdown for `pip install` examples that point package index resolution at `http://` sources.

Deterministic signal basis

MarkdownSignals exact `pip install` token analysis with `--index-url http://` or `--extra-index-url http://` detection inside parsed markdown regions.

Malicious corpus
skill-pip-http-index
Benign corpus
skill-pip-https-index-safe
structured evidence required; remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC449 / MD-PIP-HTTP-INDEX

SEC449 flags AI-native markdown when a pip install example uses an insecure package index override such as --index-url http://..., --index-url=http://..., --extra-index-url http://..., --extra-index-url=http://..., or -i http://....

Why It Matters

An http:// package index removes transport integrity and confidentiality from Python package resolution: anyone on the network path can read the request and substitute the index listing or the wheel that pip installs, and since pip does not verify package signatures, nothing downstream detects the swap unless hashes are pinned with --require-hashes. pip itself warns that such a host is "not a trusted or secure host" and ignores it unless the same host is also passed with --trusted-host, which is why http:// indexes in instructions are usually paired with that flag; the rule's http:// match catches the pair either way. In shared AI-native instructions, that turns an insecure supply-chain bypass into copy-pastable setup guidance.

Trigger Shape

The rule triggers only when all of these are true:

  • the file is an AI-native markdown instruction surface
  • a parsed markdown region contains pip install, pip3 install, or python -m pip install
  • the same region also contains one of:
    • --index-url http://
    • --index-url=http://
    • --extra-index-url http://
    • --extra-index-url=http://
    • -i http://

Clean Cases

These stay clean:

  • pip install examples that use https:// package indexes
  • pip install examples without explicit index override
  • unrelated commands that mention http:// outside a matching pip install form
  • index overrides set outside the command itself (PIP_INDEX_URL, pip.conf), which do not match the command-line forms the rule looks for
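The trigger shape and clean cases above can be reproduced as a small stand-alone check. The following is an added example, not lintai's own implementation: it approximates the tool's "parsed markdown regions" with fenced code blocks, applies the rule's region-level test (a region must contain a pip install form and an http:// index override), and runs over a constructed markdown sample. The `python3 -m pip` spelling and the tilde fences are generalizations beyond the forms the rule names.

```python
import re

# pip invocation forms named in the rule's trigger shape.
# "python3 -m pip" is an added generalisation (assumption), the rest is from the rule text.
PIP_INSTALL = re.compile(r"\b(?:pip3?|python3?\s+-m\s+pip)\s+install\b")

# Insecure index overrides named in the rule: --index-url / --extra-index-url with a
# space or '=' before the URL, and the short -i form. "https://" never matches
# because the scheme must be followed directly by "://".
HTTP_INDEX = re.compile(r"(?:--(?:extra-)?index-url(?:\s+|=)|(?:^|\s)-i\s+)http://")

# Fenced code blocks stand in for lintai's parsed markdown regions (assumption).
# Both backtick and tilde fences are accepted; the closing fence must match the opener.
FENCE = re.compile(r"^(`{3,}|~{3,})[^\n]*\n(.*?)^\1[ \t]*$", re.MULTILINE | re.DOTALL)


def find_insecure_pip_indexes(markdown: str) -> list[str]:
    """Return the offending lines, following the rule's region-level trigger.

    A region that mentions http:// without any pip install form (for example a
    curl command) stays clean, as does an http:// URL in prose outside a fence.
    """
    hits = []
    for _fence, body in FENCE.findall(markdown):
        if not PIP_INSTALL.search(body):
            continue
        for line in body.splitlines():
            if HTTP_INDEX.search(line):
                hits.append(line.strip())
    return hits


def suggest_https(line: str) -> str:
    """Apply the rule's remediation: keep the flag, point it at the https:// form."""
    return HTTP_INDEX.sub(lambda m: m.group(0)[: -len("http://")] + "https://", line)


# Constructed sample of an AI-native instruction file; the hosts are placeholders.
SAMPLE_SKILL_MD = """# Setup (constructed sample)

Install the helper:

~~~bash
pip install --index-url http://pypi.example.test/simple demo
~~~

Other forms the rule names:

~~~bash
pip3 install -i http://mirror.example.test/simple demo
python -m pip install --extra-index-url=http://mirror.example.test/simple demo
~~~

These stay clean:

~~~bash
pip install --index-url https://pypi.example.test/simple demo
pip install demo
curl http://docs.example.test/README.md
~~~

Mentioning http://pypi.example.test in prose outside a fence is not a region match.
"""


if __name__ == "__main__":
    for hit in find_insecure_pip_indexes(SAMPLE_SKILL_MD):
        print(f"SEC449: {hit}")
        print(f"   fix: {suggest_https(hit)}")
```

Run as-is, the script reports the three insecure commands from the first two fenced blocks and leaves the https://, no-override and curl lines alone. A real linter would also want to recognise `--trusted-host` on the same line, since that flag is what makes the http:// index actually work in pip.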

Example Trigger

bash
pip install --index-url http://pypi.example.test/simple demo

Safer Example

bash
pip install --index-url https://pypi.example.test/simple demo

How To Fix

Replace the insecure http:// package index with a normal TLS-verified https:// source. If the index is an internal mirror that only serves plaintext, fix the mirror rather than adding --trusted-host, which silences pip's own safeguard without restoring integrity.