Rule Reference

SEC473lintai-ai-securitystablemarkdownwarn

AI markdown: git inline sslVerify false

AI-native markdown disables Git TLS verification with `git -c http.sslVerify=false`

Provider: lintai-ai-security
Surface: markdown
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

previewmembership

skillsmembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks AI-native markdown for exact `git -c` examples that disable Git TLS verification inline through `http.sslVerify=false`.

Deterministic signal basis

MarkdownSignals exact `git -c http.sslVerify=false` token analysis inside parsed markdown regions, excluding safety-warning phrasing.

Malicious corpus

skill-git-inline-sslverify-false

Benign corpus

skill-git-inline-sslverify-true-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC352AI markdown: unscoped Bash tool grantAI-native markdown frontmatter grants unscoped Bash tool accessmarkdownstable

SEC417AI markdown: unpinned pip git installAI-native markdown installs Python packages from an unpinned `git+https://` sourcemarkdownstable

SEC428AI markdown: unsafe Read path grantAI-native markdown frontmatter grants `Read(...)` over an unsafe repo-external pathmarkdownstable

SEC429AI markdown: unsafe Write path grantAI-native markdown frontmatter grants `Write(...)` over an unsafe repo-external pathmarkdownstable

SEC430AI markdown: unsafe Edit path grantAI-native markdown frontmatter grants `Edit(...)` over an unsafe repo-external pathmarkdownstable

SEC431AI markdown: unsafe Glob path grantAI-native markdown frontmatter grants `Glob(...)` over an unsafe repo-external pathmarkdownstable

SEC473 flags AI-native markdown when an exact Git command example disables transport verification inline through git -c http.sslVerify=false ....

Why this matters

Inline http.sslVerify=false disables normal TLS verification for that Git command. In shared AI-native instructions, that turns a risky trust-bypass workaround into copy-pastable setup guidance.

What triggers it

a parsed markdown region contains the exact token git -c http.sslVerify=false

The finding points to the -c http.sslVerify=false token.

What does not trigger it

git -c http.sslVerify=true ...
safety guidance such as Do not use git -c http.sslVerify=false ...
unrelated prose that mentions Git without the exact inline config form

Example

bash

git -c http.sslVerify=false clone https://github.com/acme/demo.git

Better

bash

git clone https://github.com/acme/demo.git

Remediation

Remove inline http.sslVerify=false and keep Git transport verification enabled instead of teaching a shared TLS-bypass workflow.

AI markdown: git inline sslVerify false

Preset Membership

Stable Lifecycle Contract

Related Rules

Why this matters ​

What triggers it ​

What does not trigger it ​

Example ​

Better ​