Rule Reference

SEC461lintai-ai-securitystablemarkdownwarn

AI markdown: pip config trusted-host

AI-native markdown configures Python package resolution with `trusted-host`

Provider: lintai-ai-security
Surface: markdown
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

previewmembership

skillsmembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks AI-native markdown for `pip config set` commands that configure trusted-host bypass behavior.

Deterministic signal basis

MarkdownSignals exact `pip config set`, `pip3 config set`, or `python -m pip config set` token analysis with `global.trusted-host` detection inside parsed markdown regions.

Malicious corpus

skill-pip-config-trusted-host

Benign corpus

skill-pip-config-unrelated-key-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC352AI markdown: unscoped Bash tool grantAI-native markdown frontmatter grants unscoped Bash tool accessmarkdownstable

SEC417AI markdown: unpinned pip git installAI-native markdown installs Python packages from an unpinned `git+https://` sourcemarkdownstable

SEC428AI markdown: unsafe Read path grantAI-native markdown frontmatter grants `Read(...)` over an unsafe repo-external pathmarkdownstable

SEC429AI markdown: unsafe Write path grantAI-native markdown frontmatter grants `Write(...)` over an unsafe repo-external pathmarkdownstable

SEC430AI markdown: unsafe Edit path grantAI-native markdown frontmatter grants `Edit(...)` over an unsafe repo-external pathmarkdownstable

SEC431AI markdown: unsafe Glob path grantAI-native markdown frontmatter grants `Glob(...)` over an unsafe repo-external pathmarkdownstable

SEC461 / MD-PIP-CONFIG-TRUSTED-HOST

SEC461 flags AI-native markdown when a pip config set, pip3 config set, or python -m pip config set command sets global.trusted-host.

Why It Matters

Setting trusted-host weakens normal trust checks for package resolution. In shared AI-native instructions, that turns a persistent verification bypass into copy-pastable setup guidance.

What Triggers It

AI-native markdown surface
the same parsed markdown region contains:
- pip config set
- pip3 config set
- or python -m pip config set
the same region also contains:
- global.trusted-host ...
- or global.trusted-host=...

The finding points to the global.trusted-host token.

What Does Not Trigger It

unrelated pip config keys like global.timeout
install-time --trusted-host examples, because those are covered by SEC448
unrelated prose that mentions trust or hosts without a matching pip config command

Example

Bad:

bash

pip config set global.trusted-host pypi.example.test

Better:

bash

pip config set global.index-url https://pypi.example.test/simple

Remediation

Remove the trusted-host config and rely on normal TLS-verified Python package sources instead.

AI markdown: pip config trusted-host

Preset Membership

Stable Lifecycle Contract

Related Rules

SEC461 / MD-PIP-CONFIG-TRUSTED-HOST ​

Why It Matters ​

What Triggers It ​

What Does Not Trigger It ​

Example ​