
Rule Reference


AI markdown: shared gh repo transfer tool grant

AI-native markdown frontmatter grants `Bash(gh repo transfer:*)` tool access

Provider
lintai-ai-security
Surface
markdown
Scope
per_file
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks AI-native markdown frontmatter for exact GitHub repository transfer authority through `allowed-tools`.

Deterministic signal basis

MarkdownSignals exact frontmatter string detection for `Bash(gh repo transfer:*)` in allowed-tools entries.

Malicious corpus
skill-gh-repo-transfer-release-upload-allowed-tools
Benign corpus
skill-gh-repo-transfer-release-upload-specific-safe
  • structured evidence required
  • remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC543 / MD-GH-REPO-TRANSFER-ALLOWED-TOOLS

SEC543 flags AI-native markdown frontmatter when allowed-tools or allowed_tools grants blanket GitHub repository transfer authority through gh repo transfer.

Why It Matters

`gh repo transfer` can move repository ownership across accounts or organizations. Granting it wholesale in shared skills or instruction frontmatter hands an agent broader authority than most teams want to delegate by default.

Trigger Shape

  • the file is a detected AI-native markdown instruction surface
  • the path is not fixture-like
  • frontmatter `allowed-tools` or `allowed_tools` contains the exact token `Bash(gh repo transfer:*)`

Clean Cases

  • narrower read-only grants such as `Bash(gh repo view:*)`
  • frontmatter without blanket repository transfer access
  • fixture-like examples under test or fixture paths

Example Trigger

```yaml
---
allowed-tools: Bash(gh repo transfer:*), Read
---
```

Safer Example

```yaml
---
allowed-tools: Bash(gh repo view:*), Read
---
```
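The trigger shape and clean cases above describe a purely structural check, so it is straightforward to reproduce outside the linter. The block below is an added example, not the lintai-ai-security `MarkdownSignals` implementation: it parses the leading `---` frontmatter block with a small hand-written reader (inline comma-separated values, flow lists, and YAML `- item` block lists, no PyYAML dependency), collects grants from `allowed-tools` or `allowed_tools`, and reports a finding only on an exact token match for `Bash(gh repo transfer:*)`. The fixture-like path segments, the use of "has frontmatter with a tool key" as the proxy for an AI-native instruction surface, and the `Finding` shape are assumptions made for the example; the sample documents are constructed.

```python
"""Simplified re-implementation of the SEC543 check (example code, not the
lintai-ai-security implementation).  Flags AI-native markdown frontmatter whose
allowed-tools / allowed_tools grants the exact token Bash(gh repo transfer:*)."""
import re
from dataclasses import dataclass
from typing import List, Optional

RULE_ID = "SEC543"
TRANSFER_TOKEN = "Bash(gh repo transfer:*)"
# Directory names treated as fixture-like (assumption; the page does not list the real set).
FIXTURE_SEGMENTS = {"test", "tests", "fixture", "fixtures", "__fixtures__", "testdata"}
_TOOL_KEY = re.compile(r"^(allowed[-_]tools)\s*:\s*(.*)$")
_LIST_ITEM = re.compile(r"^\s*-\s+")
_FRONTMATTER = re.compile(r"^---[ \t]*\r?\n(.*?)\r?\n---[ \t]*(?:\r?\n|$)", re.S)


@dataclass
class Finding:
    rule: str
    path: str
    token: str
    message: str


def is_fixture_path(path: str) -> bool:
    """True when any directory segment of the path looks like a test/fixture tree."""
    segments = [p.lower() for p in re.split(r"[\\/]", path)][:-1]  # drop the file name
    return any(seg in FIXTURE_SEGMENTS for seg in segments)


def split_frontmatter(text: str) -> Optional[str]:
    """Return the body between the leading '---' fences, or None when absent."""
    m = _FRONTMATTER.match(text)
    return m.group(1) if m else None


def allowed_tools(frontmatter: str) -> List[str]:
    """Collect every grant listed under allowed-tools / allowed_tools.

    Accepts the inline form  `allowed-tools: Bash(gh repo view:*), Read`,
    the flow-list form       `allowed_tools: [Bash(gh repo view:*), Read]`,
    and the block-list form  `allowed-tools:` followed by `  - item` lines.
    """
    tools: List[str] = []
    lines = frontmatter.splitlines()
    i = 0
    while i < len(lines):
        m = _TOOL_KEY.match(lines[i])
        if not m:
            i += 1
            continue
        value = m.group(2).strip()
        if value:  # inline or flow-list form on the same line
            value = value.strip("[]")
            tools.extend(t.strip().strip("'\"") for t in value.split(",") if t.strip())
            i += 1
        else:  # block-list form: consume the following '- item' lines
            i += 1
            while i < len(lines) and _LIST_ITEM.match(lines[i]):
                tools.append(_LIST_ITEM.sub("", lines[i]).strip().strip("'\""))
                i += 1
    return tools


def check(path: str, text: str) -> Optional[Finding]:
    """Apply the SEC543 trigger shape to one markdown file."""
    if is_fixture_path(path):
        return None  # clean case: fixture-like example
    frontmatter = split_frontmatter(text)
    if frontmatter is None:
        return None  # no frontmatter, so not treated as an instruction surface here
    grants = allowed_tools(frontmatter)
    # Exact-token comparison: a narrower grant such as Bash(gh repo view:*) never matches.
    if TRANSFER_TOKEN in grants:
        return Finding(
            RULE_ID, path, TRANSFER_TOKEN,
            "frontmatter grants blanket GitHub repository transfer authority; "
            "remove the grant or replace it with a narrower reviewed command",
        )
    return None


# Constructed sample documents for the demo and tests.
TRIGGER_DOC = "---\nallowed-tools: Bash(gh repo transfer:*), Read\n---\n# Release helper\n"
SAFE_DOC = "---\nallowed-tools: Bash(gh repo view:*), Read\n---\n"
BLOCK_LIST_DOC = "---\nallowed_tools:\n  - Bash(gh repo transfer:*)\n  - Read\n---\n"

if __name__ == "__main__":
    for path, doc in [("skills/release.md", TRIGGER_DOC),
                      ("skills/release.md", SAFE_DOC),
                      ("tests/fixtures/release.md", TRIGGER_DOC)]:
        print(path, "->", check(path, doc))
```

The exact-token comparison is the part worth keeping when adapting this: matching on a substring such as `gh repo transfer` would also fire on grants the rule explicitly treats as clean, so the deterministic signal stays tied to the literal `Bash(gh repo transfer:*)` entry.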

How To Fix

Remove shared gh repo transfer tool grants or replace them with narrower reviewed commands that keep repository transfer under explicit user control.