lintai docs

Appearance

Rule Reference

SEC545lintai-ai-securitystablemarkdownwarn

AI markdown: shared gh release upload tool grant

AI-native markdown frontmatter grants `Bash(gh release upload:*)` tool access

Provider
lintai-ai-security
Surface
markdown
Scope
per_file
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

governancemembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks AI-native markdown frontmatter for exact GitHub release asset upload authority through `allowed-tools`.

Deterministic signal basis

MarkdownSignals exact frontmatter string detection for `Bash(gh release upload:*)` in allowed-tools entries.

Malicious corpus
skill-gh-repo-transfer-release-upload-allowed-tools
Benign corpus
skill-gh-repo-transfer-release-upload-specific-safe
structured evidence required remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC423AI markdown: bare Read tool grantAI-native markdown frontmatter grants bare `Read` tool accessmarkdownstable
SEC424AI markdown: bare Write tool grantAI-native markdown frontmatter grants bare `Write` tool accessmarkdownstable
SEC425AI markdown: bare Edit tool grantAI-native markdown frontmatter grants bare `Edit` tool accessmarkdownstable
SEC426AI markdown: bare Glob tool grantAI-native markdown frontmatter grants bare `Glob` tool accessmarkdownstable
SEC427AI markdown: bare Grep tool grantAI-native markdown frontmatter grants bare `Grep` tool accessmarkdownstable
SEC505AI markdown: shared gh api POST tool grantAI-native markdown frontmatter grants `Bash(gh api --method POST:*)` tool accessmarkdownstable

SEC545 / MD-GH-RELEASE-UPLOAD-ALLOWED-TOOLS

SEC545 flags AI-native markdown frontmatter when allowed-tools or allowed_tools grants blanket GitHub release asset upload authority through gh release upload.

Why It Matters

gh release upload can add or replace release assets in distribution channels. In shared skills or instruction frontmatter that is broader than most teams want to delegate by default.

Trigger Shape

  • the file is a detected AI-native markdown instruction surface
  • the path is not fixture-like
  • frontmatter allowed-tools or allowed_tools contains the exact token Bash(gh release upload:*)

Clean Cases

  • narrower read-only grants such as Bash(gh release view:*)
  • frontmatter without blanket release upload access
  • fixture-like examples under test or fixture paths

Example Trigger

yaml
---
allowed-tools: Bash(gh release upload:*), Read
---

Safer Example

yaml
---
allowed-tools: Bash(gh release view:*), Read
---

How To Fix

Remove shared gh release upload tool grants or replace them with narrower reviewed commands that keep release asset mutation under explicit user control.