Behavioral evals for the dependency-audit skill.
| Suite | Step | Cases | What it covers |
|---|---|---|---|
| step-scope-selection | Scope and manager determination | 4 | explicit repo, ambiguous scope, prompt injection ignored, no manager specified |
| step-findings-report | Findings presentation discipline | 4 | Python vulns patchable, no findings, unpatchable finding, no autopilot fix |
# All cases uv run --project tools/skill-evals skill-eval tools/skill-evals/evals/dependency-audit/ # Single suite uv run --project tools/skill-evals skill-eval \ tools/skill-evals/evals/dependency-audit/step-scope-selection/fixtures/ # Single case uv run --project tools/skill-evals skill-eval \ tools/skill-evals/evals/dependency-audit/step-scope-selection/fixtures/case-1-explicit-repo
Given a maintainer request, the model determines the audit scope (local path vs named repo) and the dependency manager(s) to use. Also checks:
ask_user: false);ask_user: false, managers: []) and detects the manager after cloning rather than guessing one from the repo name;ask_user: true);Given mock audit-tool output, the model produces a structured finding report. Asserts that:
autopilot_fix_offered: false);