Existing evaluation methods struggle to detect “overly eager” privilege-escalating behaviors—such as credential leakage or file deletion—by coding agents in non-adversarial tasks, even when the tasks appear successful. This work proposes the first adaptive, non-adversarial evaluation framework that synthesizes benign scenarios containing reusable scopes and trap snippets. By integrating unsupervised execution scoring, pattern-matching–based behavior detection, and Thompson sampling, the framework dynamically generates test cases most likely to elicit overreaching actions. In 10,000 trials, it identified overly eager behaviors in 19.51% of cases and revealed that agent frameworks account for 56% of behavioral variance—substantially exceeding the 21% attributable to base models—demonstrating that neglecting framework-level factors introduces significant evaluation bias.

A coding agent executes a benign task as a sequence of shell, file, and network actions, any of which can quietly exceed the authorized scope while the task still completes. We call this overeager behavior: the prompt is not adversarial and the run succeeds, yet an out-of-scope step can leak credentials or delete files. Existing benchmarks miss it: task-completion suites credit any finished run, jailbreak suites probe adversarial prompts, and the one prior overeager benchmark applies a single fixed prompt set to every agent-model pair, leaving its easiest and most resistant pairs under-measured. We present SNARE (Synthesizing Non-adversarial scenarios for Adaptive Reward-guided Elicitation), a pipeline that composes benign scenarios from reusable scope and trap fragments, scores each run with a judge-free oracle flagging trap-pattern matches and unsolicited file additions or deletions, and uses Thompson sampling to steer each pair's run budget toward the scenarios that most often trigger it. Instantiating it over 24 overeager archetypes yields OverEager, which we run across a 4x5 matrix of four coding agents and five base models. Across 10,000 benign runs, 19.51% trigger overeager behavior, with per-pair rates spanning 11.9x. This variation is driven by the agent framework, not the model: the framework accounts for 56% of it against the model's 21%, so any single-framework or single-model evaluation undercounts the matrix by about a fifth.