Rule Reference

SEC456lintai-ai-securitystablemarkdownwarn

AI markdown: pip http find-links

AI-native markdown installs Python packages with insecure `http://` find-links

Provider: lintai-ai-security
Surface: markdown
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

previewmembership

skillsmembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks AI-native markdown for `pip install` examples that point package discovery at `http://` find-links sources.

Deterministic signal basis

MarkdownSignals exact `pip install` token analysis with `--find-links http://`, `--find-links=http://`, or `-f http://` detection inside parsed markdown regions.

Malicious corpus

skill-pip-http-find-links

Benign corpus

skill-pip-https-find-links-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC352AI markdown: unscoped Bash tool grantAI-native markdown frontmatter grants unscoped Bash tool accessmarkdownstable

SEC417AI markdown: unpinned pip git installAI-native markdown installs Python packages from an unpinned `git+https://` sourcemarkdownstable

SEC428AI markdown: unsafe Read path grantAI-native markdown frontmatter grants `Read(...)` over an unsafe repo-external pathmarkdownstable

SEC429AI markdown: unsafe Write path grantAI-native markdown frontmatter grants `Write(...)` over an unsafe repo-external pathmarkdownstable

SEC430AI markdown: unsafe Edit path grantAI-native markdown frontmatter grants `Edit(...)` over an unsafe repo-external pathmarkdownstable

SEC431AI markdown: unsafe Glob path grantAI-native markdown frontmatter grants `Glob(...)` over an unsafe repo-external pathmarkdownstable

SEC456 / MD-PIP-HTTP-FIND-LINKS

SEC456 flags AI-native markdown when a pip install example uses --find-links http://..., --find-links=http://..., or -f http://....

Why It Matters

pip install --find-links http://... points package discovery at an insecure transport. In shared AI-native instructions, that turns an integrity-bypassing supply-chain pattern into copy-pastable setup guidance.

What Triggers It

AI-native markdown surface
the same parsed markdown region contains a matching pip install, pip3 install, or python -m pip install form
the same region also contains one of:
- --find-links http://
- --find-links=http://
- -f http://

The finding points to http://.

What Does Not Trigger It

https:// find-links sources
--index-url http://... and --extra-index-url http://... because those are covered by SEC449
unrelated prose that mentions http:// outside a matching pip install form

Example

Bad:

bash

pip install --find-links http://packages.example.test/simple demo

Better:

bash

pip install --find-links https://packages.example.test/simple demo

Remediation

Replace the insecure http:// find-links source with a normal TLS-verified https:// source.

AI markdown: pip http find-links

Preset Membership

Stable Lifecycle Contract

Related Rules

SEC456 / MD-PIP-HTTP-FIND-LINKS ​

Why It Matters ​

What Triggers It ​

What Does Not Trigger It ​

Example ​