Rule Reference

SEC471lintai-ai-securitystablemarkdownwarn

AI markdown: git sslVerify false

AI-native markdown disables Git TLS verification with `http.sslVerify false`

Provider: lintai-ai-security
Surface: markdown
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

previewmembership

skillsmembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks AI-native markdown for exact `git config` examples that disable Git TLS verification through `http.sslVerify false`.

Deterministic signal basis

MarkdownSignals exact `git config` token analysis with `http.sslVerify false` or `http.sslVerify=false` detection inside parsed markdown regions, excluding safety-warning phrasing.

Malicious corpus

skill-git-sslverify-false

Benign corpus

skill-git-sslverify-true-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC352AI markdown: unscoped Bash tool grantAI-native markdown frontmatter grants unscoped Bash tool accessmarkdownstable

SEC417AI markdown: unpinned pip git installAI-native markdown installs Python packages from an unpinned `git+https://` sourcemarkdownstable

SEC428AI markdown: unsafe Read path grantAI-native markdown frontmatter grants `Read(...)` over an unsafe repo-external pathmarkdownstable

SEC429AI markdown: unsafe Write path grantAI-native markdown frontmatter grants `Write(...)` over an unsafe repo-external pathmarkdownstable

SEC430AI markdown: unsafe Edit path grantAI-native markdown frontmatter grants `Edit(...)` over an unsafe repo-external pathmarkdownstable

SEC431AI markdown: unsafe Glob path grantAI-native markdown frontmatter grants `Glob(...)` over an unsafe repo-external pathmarkdownstable

SEC471 flags AI-native markdown when an exact git config example disables Git transport verification with http.sslVerify false or http.sslVerify=false.

Why this matters

Turning off http.sslVerify disables normal TLS verification for Git HTTP transport. In shared AI-native instructions, that converts a risky trust-bypass workaround into copy-pastable setup guidance.

What triggers it

a parsed markdown region contains git config
the same region also contains:
- http.sslVerify false
- or http.sslVerify=false

The finding points to the http.sslVerify false token.

What does not trigger it

git config http.sslVerify true
safety guidance such as Do not use git config http.sslVerify false
unrelated prose that mentions Git without the exact config form

Example

bash

git config http.sslVerify false

Better

bash

git config http.sslVerify true

Remediation

Remove http.sslVerify false and keep Git transport verification enabled instead of teaching a shared TLS-bypass workflow.

AI markdown: git sslVerify false

Preset Membership

Stable Lifecycle Contract

Related Rules

Why this matters ​

What triggers it ​

What does not trigger it ​

Example ​

Better ​