agentic-sdlc-intake-attack

Detection Rules

These are practical triage signals for maintainers, security engineers, and agentic SDLC platform builders.

High-Signal Patterns

Agentic Workflow Signals

Safe GitHub Search Queries

These queries are intended for defensive triage. Tune organization and repository filters before use.

org:YOUR_ORG is:issue is:open "fix.zip"
org:YOUR_ORG is:issue is:open "core_fix"
org:YOUR_ORG is:issue is:open "attached" "zip"
org:YOUR_ORG is:issue is:open "run this" "zip"
org:YOUR_ORG is:issue is:open "validator" ".exe"
org:YOUR_ORG is:issue is:open "hotfix" ".zip"
org:YOUR_ORG is:pr "download" "zip"
org:YOUR_ORG "chmod +x" "issue comment"

Safe Triage Queries

Use the GitHub CLI to enumerate potentially relevant issue comments without downloading attachments:

gh issue list --repo OWNER/REPO --state all --search "zip in:comments"
gh issue list --repo OWNER/REPO --state all --search "\"fix.zip\" in:comments"
gh issue list --repo OWNER/REPO --state all --search "\"core_fix\" in:comments"
gh pr list --repo OWNER/REPO --state all --search "\"download\" \"zip\" in:comments"

Review comment text and provenance first. Do not fetch or open artifacts during broad search.

Archive Triage Signals

Flag an archive when:

Binary Triage Signals

Flag a binary when static inspection shows:

Response Rule

When these signals appear, reject the artifact path and request a normal source diff through a trusted contribution route. If execution occurred, treat the host as potentially compromised.