diff --git a/src/agents/agent-executor.ts b/src/agents/agent-executor.ts
index 0335f34..c061e62 100644
--- a/src/agents/agent-executor.ts
+++ b/src/agents/agent-executor.ts
@@ -1680,9 +1680,10 @@ Return JSON only:
 const examples = selectPocExamples(vulnerability.type || '', 2);
 const examplesSection = examples.length > 0
- ? `## Examples\nThe following examples illustrate the expected output format:\n\n${examples.map(e =>
- '```json\n' + JSON.stringify(e.example, null, 2) + '\n```'
- ).join('\n\n')}\n`
+ ? `## Examples\nThe following examples illustrate the expected output format:\n\n${examples.map((e, i) => {
+ const { validated: _omit, ...exampleData } = e.example;
+ return `### Example ${i + 1} (${e.example.language})\n\`\`\`json\n${JSON.stringify(exampleData, null, 2)}\n\`\`\``;
+ }).join('\n\n')}\n`
 : '';
 return `Generate a security test case for the following vulnerability.
diff --git a/src/agents/poc-examples.ts b/src/agents/poc-examples.ts
index 3ffebfd..5d73d8d 100644
--- a/src/agents/poc-examples.ts
+++ b/src/agents/poc-examples.ts
@@ -120,13 +120,17 @@ export const POC_EXAMPLES: PocExample[] = [
 /**
  * Select up to maxCount examples whose categories overlap with the vulnerability type.
- * Falls back to the first maxCount examples if no match is found.
+ * Returns an empty array when no category matches — irrelevant examples degrade model
+ * output quality more than providing no examples at all.
  */
 export function selectPocExamples(vulnType: string, maxCount: number): PocExample[] {
 const normalised = vulnType.toLowerCase().replace(/[\s_]/g, '-');
 const matched = POC_EXAMPLES.filter(e =>
 e.categories.some(c => normalised.includes(c) || c.includes(normalised))
 );
- const pool = matched.length > 0 ? matched : POC_EXAMPLES;
- return pool.slice(0, maxCount);
+ if (matched.length === 0) {
+ console.warn(`[poc-examples] No examples matched vulnerability type "${vulnType}" — omitting examples from prompt`);
+ return [];
+ }
+ return matched.slice(0, maxCount);
 }
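Review bot: The new heading `### Example ${i + 1} (${e.example.language})` renders as `(undefined)` whenever an example has no `language`; whether that field is required on `PocExample` is not visible here, so either guard it with `${e.example.language ?? 'unknown'}` or omit the parenthetical when it is absent. The destructuring that strips `validated` is the security-relevant part of this change (it keeps an internal bookkeeping flag out of the model prompt so the model does not mirror it into generated output), but the code does not say so; add `// strip internal bookkeeping (validated) so the model does not echo it in its output` above the `const { validated: _omit, ...exampleData }` line. Note that the stripped field name is hard-coded, so a future bookkeeping field on the example type would leak into the prompt unless it is added here too. The enclosing prompt-builder function starts and ends outside this hunk.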
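Review bot: The new `console.warn` interpolates `vulnType` verbatim into the log line inside hand-written double quotes; if vulnerability types originate from scanner output or user-supplied findings, embedded newlines or control characters can split or forge log entries. Quote and escape it with `${JSON.stringify(vulnType)}` in place of `"${vulnType}"`, which also makes an empty or whitespace-only type visible in the log. Under the updated doc comment a no-match result is an expected outcome rather than a fault, so consider emitting it at debug/info level, or through the project's logger if one exists (not visible here), to avoid a warning on every unmatched call.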