
Rule Reference

SEC465 | lintai-ai-security | stable | markdown | warn

AI markdown: git http remote

AI-native markdown configures a Git remote with an insecure `http://` source

Provider: lintai-ai-security
Surface: markdown
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks AI-native markdown for `git remote add` examples that configure a repository remote through an insecure `http://` source.

Deterministic signal basis

MarkdownSignals exact `git remote add` token analysis with direct `http://` source detection inside parsed markdown regions.

Malicious corpus: skill-git-http-remote
Benign corpus: skill-git-https-remote-safe
structured evidence required remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC465 / MD-GIT-HTTP-REMOTE flags AI-native markdown that configures a Git remote through plain `http://`.

Why this matters:

  • `git remote add ... http://...` bakes insecure transport into repository setup guidance
  • the example can be copied directly into bootstrap instructions or onboarding docs
  • the safer replacement is a normal TLS-verified `https://` repository URL

Triggers:

```bash
git remote add origin http://git.example.test/demo.git
```

Does not trigger:

```bash
git remote add origin https://github.com/acme/demo.git
```

Remediation:

  • replace the insecure `http://` remote source with a normal TLS-verified `https://` repository URL
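The check described above can be approximated in a few lines. This is an added sketch, not lintai's own implementation: it assumes "parsed markdown regions" means fenced code blocks and inline code spans, and the names `code_regions`, `http_remote` and `scan` are hypothetical.

```python
import re
import shlex

FENCE = re.compile(r"^\s*(```|~~~)")   # opening or closing code fence
INLINE = re.compile(r"`([^`\n]+)`")    # inline code span

def code_regions(markdown):
    """Yield (line_number, text) for fenced code lines and inline code spans."""
    in_fence = False
    for lineno, line in enumerate(markdown.splitlines(), 1):
        if FENCE.match(line):
            in_fence = not in_fence
        elif in_fence:
            yield lineno, line
        else:
            for span in INLINE.findall(line):
                yield lineno, span

def http_remote(command):
    """Return the http:// source of a `git remote add` command, else None."""
    try:
        tokens = shlex.split(command, comments=True)
    except ValueError:               # unbalanced quotes: not a parseable command
        return None
    if tokens[:1] == ["$"]:          # tolerate a leading shell prompt
        tokens = tokens[1:]
    if tokens[:3] != ["git", "remote", "add"]:
        return None
    return next((t for t in tokens[3:] if t.startswith("http://")), None)

def scan(markdown):
    """Return [(line_number, url)] for every insecure remote found."""
    hits = ((n, http_remote(text)) for n, text in code_regions(markdown))
    return [(n, url) for n, url in hits if url]

# Constructed sample; it uses ~~~ fences so it can sit inside this example.
SAMPLE = """\
# Setup skill

Prose mentioning http://git.example.test/demo.git is not a command.

~~~bash
git remote add origin http://git.example.test/demo.git
git remote add upstream https://github.com/acme/demo.git
git clone http://git.example.test/demo.git
~~~

Or inline: `git remote add mirror http://git.example.test/mirror.git`
"""

if __name__ == "__main__":
    for lineno, url in scan(SAMPLE):
        print(f"SEC465 line {lineno}: git remote add uses {url}")
```

Matching on exact tokens rather than a substring is what keeps the `git clone` line and the prose URL out of the findings.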