lintai docs

Appearance

Rule Reference

SEC533lintai-ai-securitystablemarkdownwarn

AI markdown: shared gh api PUT tool grant

AI-native markdown frontmatter grants `Bash(gh api --method PUT:*)` tool access

Provider
lintai-ai-security
Surface
markdown
Scope
per_file
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

governancemembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks AI-native markdown frontmatter for exact GitHub API PUT mutation authority through `allowed-tools`.

Deterministic signal basis

MarkdownSignals exact frontmatter string detection for `Bash(gh api --method PUT:*)` in allowed-tools entries.

Malicious corpus
skill-gh-api-put-allowed-tools
Benign corpus
skill-gh-api-put-allowed-tools-specific-safe
structured evidence required remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC423AI markdown: bare Read tool grantAI-native markdown frontmatter grants bare `Read` tool accessmarkdownstable
SEC424AI markdown: bare Write tool grantAI-native markdown frontmatter grants bare `Write` tool accessmarkdownstable
SEC425AI markdown: bare Edit tool grantAI-native markdown frontmatter grants bare `Edit` tool accessmarkdownstable
SEC426AI markdown: bare Glob tool grantAI-native markdown frontmatter grants bare `Glob` tool accessmarkdownstable
SEC427AI markdown: bare Grep tool grantAI-native markdown frontmatter grants bare `Grep` tool accessmarkdownstable
SEC505AI markdown: shared gh api POST tool grantAI-native markdown frontmatter grants `Bash(gh api --method POST:*)` tool accessmarkdownstable

SEC533 / MD-GH-API-PUT-ALLOWED-TOOLS

SEC533 flags AI-native markdown frontmatter when allowed-tools or allowed_tools grants the exact token Bash(gh api --method PUT:*).

Why It Matters

gh api --method PUT is a broad GitHub mutation path. Shared frontmatter should not quietly make remote PUT mutations a default capability for every agent that loads the file.

Trigger Shape

  • AI-native markdown surface with parsed frontmatter
  • path is not fixture-like
  • allowed-tools or allowed_tools contains the exact token Bash(gh api --method PUT:*)

Safer Example

md
---
allowed-tools:
  - Bash(gh api --method GET:*)
---