lintai docs

Appearance

Rule Reference

SEC519lintai-ai-securitystablemarkdownwarn

AI markdown: shared gh workflow disable tool grant

AI-native markdown frontmatter grants `Bash(gh workflow disable:*)` tool access

Provider
lintai-ai-security
Surface
markdown
Scope
per_file
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

governancemembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks AI-native markdown frontmatter for exact GitHub workflow disable authority through `allowed-tools`.

Deterministic signal basis

MarkdownSignals exact frontmatter string detection for `Bash(gh workflow disable:*)` in allowed-tools entries.

Malicious corpus
skill-gh-mutation-allowed-tools
Benign corpus
skill-gh-mutation-specific-safe
structured evidence required remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC423AI markdown: bare Read tool grantAI-native markdown frontmatter grants bare `Read` tool accessmarkdownstable
SEC424AI markdown: bare Write tool grantAI-native markdown frontmatter grants bare `Write` tool accessmarkdownstable
SEC425AI markdown: bare Edit tool grantAI-native markdown frontmatter grants bare `Edit` tool accessmarkdownstable
SEC426AI markdown: bare Glob tool grantAI-native markdown frontmatter grants bare `Glob` tool accessmarkdownstable
SEC427AI markdown: bare Grep tool grantAI-native markdown frontmatter grants bare `Grep` tool accessmarkdownstable
SEC505AI markdown: shared gh api POST tool grantAI-native markdown frontmatter grants `Bash(gh api --method POST:*)` tool accessmarkdownstable

SEC519 / MD-GH-WORKFLOW-DISABLE-ALLOWED-TOOLS

SEC519 flags AI-native markdown frontmatter when allowed-tools grants blanket gh workflow disable authority.

Why It Matters

gh workflow disable can turn off GitHub Actions workflows remotely. In shared AI-native markdown guidance that is broader than most teams want to advertise as default agent authority.

Trigger Shape

  • the file is an AI-native markdown surface
  • the path is not fixture-like
  • frontmatter allowed-tools or allowed_tools contains the exact token Bash(gh workflow disable:*)

Clean Cases

  • narrower inspection grants such as Bash(gh workflow view:*)
  • markdown surfaces without blanket workflow disabling grants
  • fixture-like examples under test or fixture paths

Example Trigger

yaml
---
allowed-tools:
  - Bash(gh workflow disable:*)
---

Safer Example

yaml
---
allowed-tools:
  - Bash(gh workflow view:*)
---

How To Fix

Remove shared gh workflow disable tool grants or replace them with narrower reviewed commands that keep workflow disabling under explicit user control.