Below are results of the task linter - please fix and make sure the linter passes before merge.

11 task YAMLs added. Verdict counts: 0 Critical, 4 High, 5 Medium, 2 Low/OK.

Rubric: .claude/commands/lint-task.md. This check is advisory and never blocks merge.

Evidence of passing run

❌ High — PR body's Test plan has unchecked boxes for make smoke -- --filter uipath-admin and make e2e -- --filter uipath-admin. No "ran locally and it passed" claim anywhere in the description. Please edit the PR description to add a line like: Ran audit_export_e2e and the 8 audit smokes locally; all passed.

Per-task lint

tests/tasks/uipath-admin/audit_sources_smoke.yaml — verdict: Low

Issues:

• [Low] Meaningful coverage: 3 command_executed matchers with no output validation. Justified by "no live tenant" but tests only that the command was constructed, not that it worked.

tests/tasks/uipath-admin/audit_events_basic_smoke.yaml — verdict: Medium (theme-captured; see Theme 1, 3)

tests/tasks/uipath-admin/audit_events_pagination_smoke.yaml — verdict: Medium (theme-captured; see Theme 1, 3)

tests/tasks/uipath-admin/audit_status_filter_smoke.yaml — verdict: High

Issues:

• [High] Prompt over-specification (lines 27–29): prompt says "The skill teaches that the server filters by status — pass --status Failure on the CLI; do NOT post-filter in jq." Near-verbatim restatement of the rule the criterion at lines 36–40 then checks. Any agent reading the prompt passes without invoking the skill.
• [High] Could pass for wrong reason: with --status Failure named in the prompt and the criterion checking exactly that flag, a passing run does not require the skill.

Suggested fixes:

• Replace the "skill teaches…" sentence with: "Use the uipath-admin skill." The success criteria then measure whether the agent learned status-filtering from the skill, not from the prompt.

tests/tasks/uipath-admin/audit_export_basic_smoke.yaml — verdict: Medium (theme-captured; see Theme 2, 3)

tests/tasks/uipath-admin/audit_org_events_smoke.yaml — verdict: Medium (theme-captured; see Theme 1, 3)

tests/tasks/uipath-admin/audit_org_export_smoke.yaml — verdict: Medium (theme-captured; see Theme 2, 3)

tests/tasks/uipath-admin/audit_scope_disambiguation_smoke.yaml — verdict: OK

Single-line, goal-only prompt ("Export the audit log."), no flag leakage. All criteria are command_not_executed — verifies the agent did NOT fire any audit command without clarifying scope. Cleanest task in the PR. Minor caveat: an agent that crashes or refuses to act technically passes; a positive "agent asked a question" check would tighten the assertion, but coder-eval doesn't have one readily available.

tests/tasks/uipath-admin/audit_export_e2e.yaml — verdict: Medium

Issues:

• [Medium] Prompt over-specification (line 24): "Use --output json on sources and events." Flag leak — same flag the criteria at lines 30–32 and 40–42 then check.
• [Low] Meaningful coverage: 5 command_executed criteria but no json_check / file_contains since there's no live tenant. e2e tier without runtime exercise.

Suggested fixes:

• Drop "Use --output json on sources and events" from the prompt — the skill's Critical Rule already says it.

tests/tasks/uipath-admin/audit_who_did_x_e2e.yaml — verdict: High

Issues:

• [High] Prompt over-specification (lines 26–28): "The skill teaches that you must discover source/target GUIDs via sources BEFORE filtering events. Do NOT invent GUIDs." This is the workflow being tested (criterion at lines 41–45 checks sources was called before events with filters). An agent reading this prompt does not need the skill at all.
• [High] Could pass for wrong reason: prompt + criteria form a closed recipe.

Suggested fixes:

• Replace the "skill teaches…" paragraph with: "Use the uipath-admin skill." Let the skill teach the discovery-first rule; the criteria measure whether the agent absorbed it.

tests/tasks/uipath-admin/audit_login_history_e2e.yaml — verdict: High

Issues:

• [High] Prompt over-specification (lines 28–30): "The skill teaches that login filtering is done server-side via --user-id / --type / --status — do NOT pull everything and post-filter on the client." The three flags named in the prompt are the same three flags the criteria then check (--status Failure, --user-id|--search, --type via the source-lookup chain). Recipe in the prompt.
• [High] Could pass for wrong reason: same as above.

Suggested fixes:

• Replace the "skill teaches…" paragraph with: "Use the uipath-admin skill." Same rationale as audit_who_did_x_e2e.yaml.

Within-PR duplicates

• [Medium] Cluster 1: audit_events_basic_smoke.yaml, audit_events_pagination_smoke.yaml — same scaffold, only the --limit threshold (≤200 vs >200) differs. Limit threshold is a real distinction (no pagination vs internal pagination), so this is justified scaffold reuse, not pure duplication — but consider whether one parametrized task would suffice.
• [Medium] Cluster 2: audit_events_basic_smoke.yaml, audit_org_events_smoke.yaml — same scaffold, tenant/org scope swap plus a negative --tenant-id check on the org variant. The scope distinction is real (different basePaths) but the marginal coverage is small.
• [Medium] Cluster 3: audit_export_basic_smoke.yaml, audit_org_export_smoke.yaml — same as Cluster 2 for export.

None are interchangeable (each tests a distinct, documented behavior), so this is Medium-not-High. Consider parametrizing on scope / limit-threshold if the eval framework supports it.

Themes

• Theme 1 [High]: Prompt over-specification across ~6 tasks (audit_status_filter_smoke, audit_events_basic_smoke, audit_events_pagination_smoke, audit_org_events_smoke, audit_export_e2e, audit_who_did_x_e2e, audit_login_history_e2e) — prompts include sentences like "The skill teaches…" or "Use --output json on the events call" that restate the exact behavior the criteria check. The skill should teach the procedure; the prompt should state the goal. Most fixable by deleting one or two sentences per file.
• Theme 2 [Medium]: Every task can only validate command-invocation surface (no json_check, no run_command, no file_contains on real CLI output) because no live tenant is available in the sandbox. The platform-note paragraph documents this explicitly in every task, so it's a deliberate trade-off rather than an oversight — but it does mean these tests cannot catch agents that construct the right command and then misinterpret its output.
• Theme 3 [Medium]: Mirror-pair near-duplicates (3 clusters above). Each pair adds modest scope/pagination coverage. If the eval framework supports parametrization, consolidate.

Conclusion

⚠ 9 of 11 tasks have issues, max severity High. Advisory only — not blocking merge. The two systemic fixes are (a) trim the "skill teaches…" sentences out of the prompts (theme 1, ~5-minute edit) and (b) add a passing-run claim to the PR description.