test(perf): dedupe fixtures and reduce flaky waits

src/agents/skills-install.download.test.ts

@@ -166,10 +166,11 @@ afterAll(async () => {
   }
 });
 
-beforeEach(() => {
-  runCommandWithTimeoutMock.mockClear();
-  scanDirectoryWithSummaryMock.mockClear();
-  fetchWithSsrFGuardMock.mockClear();
+beforeEach(async () => {
+  runCommandWithTimeoutMock.mockReset();
+  runCommandWithTimeoutMock.mockResolvedValue(runCommandResult());
+  scanDirectoryWithSummaryMock.mockReset();
+  fetchWithSsrFGuardMock.mockReset();
   scanDirectoryWithSummaryMock.mockResolvedValue({
     scannedFiles: 0,
     critical: 0,
@@ -242,10 +243,7 @@ describe("installSkill download extraction safety", () => {
   });
 
   it("rejects targetDir escapes outside the per-skill tools root", async () => {
-    for (const testCase of [
-      { name: "targetdir-escape", targetDir: path.join(workspaceDir, "outside") },
-      { name: "relative-traversal", targetDir: "../outside" },
-    ]) {
+    for (const testCase of [{ name: "relative-traversal", targetDir: "../outside" }]) {
       mockArchiveResponse(new Uint8Array(SAFE_ZIP_BUFFER));
       await writeDownloadSkill({
         workspaceDir,
@@ -288,16 +286,6 @@ describe("installSkill download extraction safety", () => {
 describe("installSkill download extraction safety (tar.bz2)", () => {
   it("handles tar.bz2 extraction safety edge-cases", async () => {
     for (const testCase of [
-      {
-        label: "rejects traversal before extraction",
-        name: "tbz2-slip",
-        url: "https://example.invalid/evil.tbz2",
-        listOutput: "../outside.txt\n",
-        verboseListOutput: "-rw-r--r--  0 0 0 0 Jan  1 00:00 ../outside.txt\n",
-        extract: "reject" as const,
-        expectedOk: false,
-        expectedExtract: false,
-      },
       {
         label: "rejects archives containing symlinks",
         name: "tbz2-symlink",