generate-poc

Skill: Generate PoC

Try to make the vulnerability actually fire on a running instance via a Python script, and record the outcome: confirmed or failed.

Inputs

From the caller; if omitted, fall back to the default. Ask only when a required input is missing and has no sensible default.

  • Finding <finding> — the TP finding file. Default: .opentaint/tracking/findings/<name>.yaml (name is required)
  • Project root <project-root> — sources to build and run. Default: current directory
  • App endpoint <base-url> (optional) — base URL if the app is already running
  • PoC directory <poc-dir> — where the PoC script is saved. Default: .opentaint/pocs

Workflow

1. Start the app

Reuse <base-url> if given. Otherwise build and start the app the way the project expects (spring-boot:run, java -jar, docker compose, …), wait until it's listening, and note the base URL. The PoC must hit a live instance.
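
One way to script this step, as an added example that is not part of the skill or the opentaint project: reuse a supplied base URL after checking it is live, otherwise launch the app and poll until it accepts connections, failing early if the process dies. The names `ensure_app`, `is_listening`, `start_cmd` and `expected_url` are hypothetical.

```python
import socket
import subprocess
import time
from urllib.parse import urlsplit

# Hypothetical helpers for step 1; none of these names come from the skill.


def is_listening(base_url, timeout=1.0):
    """Return True if a TCP connection to the base URL's host:port succeeds."""
    parts = urlsplit(base_url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        with socket.create_connection((parts.hostname, port), timeout=timeout):
            return True
    except OSError:
        return False


def ensure_app(base_url=None, start_cmd=None, expected_url=None,
               project_root=".", wait_seconds=120.0, poll=0.5):
    """Reuse a running instance, or start one and wait until it listens.

    Returns (base_url, process); process is None when an instance was reused.
    """
    if base_url:  # caller supplied <base-url>: reuse it, but verify it is live
        if not is_listening(base_url):
            raise RuntimeError(f"{base_url} is not accepting connections")
        return base_url, None
    if not start_cmd or not expected_url:
        raise ValueError("need either base_url or start_cmd + expected_url")
    # start_cmd is whatever the project expects, e.g. ["java", "-jar", ...]
    proc = subprocess.Popen(start_cmd, cwd=project_root,
                            stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)
    deadline = time.monotonic() + wait_seconds
    while time.monotonic() < deadline:
        if proc.poll() is not None:  # build or startup failed before listening
            raise RuntimeError(f"app exited with code {proc.returncode}")
        if is_listening(expected_url):
            return expected_url, proc
        time.sleep(poll)
    proc.terminate()  # do not leave a half-started app behind
    raise TimeoutError(f"nothing listening on {expected_url} "
                       f"after {wait_seconds}s")
```

The caller keeps the returned process handle so it can stop an instance it started once the outcome has been recorded.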

Repository: seqra/opentaint