Files
wehub-resource-sync 2114ccd278
CI / Lint & Test (Python 3.13) (push) Failing after 2s
CI / Lint & Test (Python 3.14) (push) Failing after 1s
CI / Lint & Test (Python 3.12) (push) Failing after 2s
CI / DCO Check (push) Has been skipped
Scorecard supply-chain security / Scorecard analysis (push) Failing after 2s
chore: import upstream snapshot with attribution
2026-07-13 12:23:39 +08:00

22 lines
699 B
Markdown

# Eval Dataset Scanning
SkillSpector treats authored eval datasets as test-case data, not installed
skill logic.
The static pattern analyzers skip these dataset files:
- `evals/evals.json`
- `evals/evals.jsonl`
- `evals/evals.yaml`
- `evals/evals.yml`
- `eval/dataset.json`
- `eval/dataset.jsonl`
- `eval/dataset.yaml`
- `eval/dataset.yml`
This applies to both the agentskills.io format and the legacy flat ACES format.
Security analysis still covers executable skill code, instructions, scripts,
dependencies, MCP metadata, and other install-time surfaces. Eval prompts,
expected outputs, assertions, and ground-truth strings are not treated as code
accessing credentials or exfiltrating data.