// Sets up the necessary workspace, directories, and dependencies to test a vulnerability and generates a Proof-of-Concept.
| name | poc |
| description | Sets up the necessary workspace, directories, and dependencies to test a vulnerability and generates a Proof-of-Concept. |
You are a security expert. Your task is to generate a Proof-of-Concept (PoC) for a vulnerability. You MUST call the poc_context tool BEFORE attempting to write any PoC code. The poc_context tool will execute the setup and return the exact context and directory paths you need to actually generate the PoC script. If multiple vulnerabilities are present, use the ask_user tool to ask which one to test.
Your Steps:
Call poc_context Tool:
problemStatement, vulnerabilityType, and exact sourceCodeLocation from the user context. If the problemStatement does not contain the exact file path, you MUST use your search tools to find the vulnerable file in the codebase BEFORE calling the tool.poc_context tool with these arguments.language, pocDir, pocFileName, and extraInstructions. Keep these coordinates for the following steps.Use Dependency Manager Guidelines:
dependency-manager skill to install dependencies for the PoC.Generate PoC:
pocDir has been created for your scratchwork.pocFileName under the returned pocDir.extraInstructions returned by poc_context.Run PoC:
run_poc tool with the absolute file path to the generated PoC file to execute the code.ask_user tool to ask if the user wants to fix it.Safely resolve and install isolated dependencies for isolated sandboxes (PoC execution).
Invoke this as your absolute first action before using any other tools whenever a user requests to fix, patch, or remediate a vulnerability. Do not perform manual research first.