Merge PR #388: fix --force bypassing dangerous verdict in should_allow_install

Authored by Farukest. Fixes #387. Removes 'and not force' from the dangerous verdict check so --force can never install skills with critical security findings (reverse shells, data exfiltration, etc). The docstring already documented this behavior but the code didn't enforce it.
2026-04-29 01:31:41 +00:00 · 2026-03-04 19:19:57 -08:00 · 2026-03-04 19:19:57 -08:00 · ffc6d767ec
commit ffc6d767ec
parent 44a2d0c01f 4805be0119
3 changed files with 113 additions and 1 deletions
--- a/tests/tools/test_skills_guard.py
+++ b/tests/tools/test_skills_guard.py
@ -132,6 +132,23 @@ class TestShouldAllowInstall:
        allowed, _ = should_allow_install(self._result("community", "dangerous", f), force=False)
        assert allowed is False

+    def test_force_never_overrides_dangerous(self):
+        """--force must not bypass dangerous verdict (regression test)."""
+        f = [Finding("x", "critical", "c", "f", 1, "m", "d")]
+        allowed, reason = should_allow_install(
+            self._result("community", "dangerous", f), force=True
+        )
+        assert allowed is False
+        assert "DANGEROUS" in reason
+
+    def test_force_never_overrides_dangerous_trusted(self):
+        """--force must not bypass dangerous even for trusted sources."""
+        f = [Finding("x", "critical", "c", "f", 1, "m", "d")]
+        allowed, _ = should_allow_install(
+            self._result("trusted", "dangerous", f), force=True
+        )
+        assert allowed is False
+

 # ---------------------------------------------------------------------------
 # scan_file — pattern detection