Compose a proof-of-concept exploit for a given vulnerability in an authorized test target and emit it as a nocapsec finding (evidence.json) that the engine can deterministically re-verify. Use when asked to build a PoC, write an exploit, or produce nocapsec evidence/finding JSON for a vulnerability (XSS, SQLi, NoSQL injection, SSTI, CRLF, cache poisoning, SSRF, XXE, command injection, open redirect, path traversal, IDOR). Maps the bug to exactly one nocapsec validator type, fills the strict evidence/proof contract, and documents blindspots when runtime proof is not fully achievable.
2026-06-26