test: cover Skops getattribute member scanning #1496
@codex review
Codex Review: Didn't find any major issues. 👍
…ops-python-member-getattribute-c155
QA summary for current head 02e21ca:

- Reviewed the diff against current origin/main; only CHANGELOG.md and tests/scanners/test_skops_scanner.py are in the PR diff.
- Verified the malicious Skops fixture catches the getattribute-mediated os.system false-negative path.
- Verified the benign getattribute fixture stays quiet to guard false positives.
- Local validation passed: new two-test slice (2 passed), full Skops scanner tests (59 passed), shared ZIP namespace/getattribute FP/FN slice (121 passed), and full Skops+ZIP bundle (511 passed, 1 warning).
- Current-head GitHub checks are green, including CI Success, Type Check, Lint and Format, Python 3.10, Python 3.13, Windows 3.11, CodeQL, docs formatting, build/package, and vendored proto checks.

I could not submit an approving review because GitHub treats this account as the PR author; auto-merge is enabled and waiting on the required independent review gate.
Summary
Validation