Behavioral evals for the security-issue-fix skill. Eleven steps are covered; steps 0 (pre-flight), 1 (sync), 4 (repo setup), 7 (implement), 8 (push), 9 (PR open), and 10 (tracker update) are skipped — tool-execution steps with no structured-output decision boundary.
| Step | Name | Cases | Notes |
|---|---|---|---|
| 2 | Existing-PR check | 3 | PR linked in tracker, PR found via search, no PR found |
| 3 | Fixability assessment | 5 | Includes untrusted-snippet case |
| 5a | Branch name | 3 | Good slug, CVE-id-in-name, security-fix-in-name |
| 5b | Files that will change | 3 | Trusted snippet, untrusted snippet, mixed |
| 5c | Commit message and PR title | 3 | Hard rule: no CVE IDs, no security framing |
| 5d | Test plan | 3 | Full plan, pure-rename (no new tests), no typecheck |
| 5e | Backport label | 3 | Patch release, main-only, multiple backports |
| 5f | Newsfragment | 2 | Default no-fragment, forbidden security framing |
| 5g | PR body draft | 3 | Clean body, forbidden terms, missing GenAI block |
| 6 | Confirm plan | 3 | apply-all, free-form edit, cancel |
| 11 | Recap | 2 | With backport label, no backport needed |
"adopt" and never create a duplicate PR (step-2 cases 1–2).stop: true even when other signals look positive (step-3 cases 2–4).quote_as_untrusted treatment (step-5b case-2).snippet_trusted and snippet_treatment (step-5b case-3).cve-YYYY-NNNNN-* must be flagged invalid (step-5a case-2).security-fix-* must be flagged invalid (step-5a case-3).security vulnerability, bare CVE IDs, or vulnerability flip approved to false (step-5g case-2).approved to false (step-5g case-3).security_framing_violation: true (step-5f case-2)."action": "edit" — not "apply" (step-6 case-2).