discover-attack-surface

Skill: Discover Attack Surface

Take one library the triage flagged, settle what the built-in rules already cover for the package members this project uses, and write the project-used rule plan — the untrusted-data sources and dangerous sinks actually relevant to this project — for the next phase to build.

Inputs

From the caller; if omitted, fall back to the default. Ask only when a required input is missing and has no sensible default.

  • Package <package> — the flagged library to drill (a pending entry in coverage.yaml)
  • Dependency jars <deps-dir> — the project's resolved dependency jars, one per library. Default: .opentaint/project/dependencies
  • Project model <model-dir> — the built model. Default: .opentaint/project
  • Tracking directory <tracking-dir> — where the coverage record and the per-package lib units live. Default: .opentaint/tracking

Workflow

1. Settle built-in coverage first

Before planning anything, see what the built-ins already match for this package's project-used members — read the lib rules (opentaint health --rules) plus .opentaint/rules. Decide one of:

Repository
seqra/opentaint