fix(skills): honor policy table for dangerous verdicts

Salvaged from PR #1007 by stablegenius49. - let INSTALL_POLICY decide dangerous verdict handling for builtin skills - allow --force to override blocked dangerous decisions for trusted and community sources - accept --yes / -y as aliases for --force in /skills install - update regression tests to match the intended policy precedence
2026-04-26 01:01:40 +00:00 · 2026-03-14 11:27:02 -07:00 · 2026-03-14 11:27:02 -07:00 · 3325e51e53
commit 3325e51e53
parent 6d8286f396
5 changed files with 40 additions and 49 deletions
--- a/tests/tools/test_skills_guard.py
+++ b/tests/tools/test_skills_guard.py
@ -46,9 +46,9 @@ from tools.skills_guard import (


 class TestResolveTrustLevel:
-    def test_builtin_not_exposed(self):
-        # builtin is only used internally, not resolved from source string
-        assert _resolve_trust_level("openai/skills") == "trusted"
+    def test_official_sources_resolve_to_builtin(self):
+        assert _resolve_trust_level("official") == "builtin"
+        assert _resolve_trust_level("official/email/agentmail") == "builtin"

    def test_trusted_repos(self):
        assert _resolve_trust_level("openai/skills") == "trusted"
@ -116,11 +116,17 @@ class TestShouldAllowInstall:
        allowed, _ = should_allow_install(self._result("trusted", "caution", f))
        assert allowed is True

-    def test_dangerous_blocked_even_trusted(self):
+    def test_trusted_dangerous_blocked_without_force(self):
        f = [Finding("x", "critical", "c", "f", 1, "m", "d")]
        allowed, _ = should_allow_install(self._result("trusted", "dangerous", f))
        assert allowed is False

+    def test_builtin_dangerous_allowed_without_force(self):
+        f = [Finding("x", "critical", "c", "f", 1, "m", "d")]
+        allowed, reason = should_allow_install(self._result("builtin", "dangerous", f))
+        assert allowed is True
+        assert "builtin source" in reason
+
    def test_force_overrides_caution(self):
        f = [Finding("x", "high", "c", "f", 1, "m", "d")]
        allowed, reason = should_allow_install(self._result("community", "caution", f), force=True)
@ -132,22 +138,21 @@ class TestShouldAllowInstall:
        allowed, _ = should_allow_install(self._result("community", "dangerous", f), force=False)
        assert allowed is False

-    def test_force_never_overrides_dangerous(self):
-        """--force must not bypass dangerous verdict (regression test)."""
+    def test_force_overrides_dangerous_for_community(self):
        f = [Finding("x", "critical", "c", "f", 1, "m", "d")]
        allowed, reason = should_allow_install(
            self._result("community", "dangerous", f), force=True
        )
-        assert allowed is False
-        assert "DANGEROUS" in reason
+        assert allowed is True
+        assert "Force-installed" in reason

-    def test_force_never_overrides_dangerous_trusted(self):
-        """--force must not bypass dangerous even for trusted sources."""
+    def test_force_overrides_dangerous_for_trusted(self):
        f = [Finding("x", "critical", "c", "f", 1, "m", "d")]
-        allowed, _ = should_allow_install(
+        allowed, reason = should_allow_install(
            self._result("trusted", "dangerous", f), force=True
        )
-        assert allowed is False
+        assert allowed is True
+        assert "Force-installed" in reason


 # ---------------------------------------------------------------------------