refactor(poc-gen): rewrite POC prompt to prevent LLM safety refusals

src/agents/agent-executor.ts

@@ -1680,9 +1680,10 @@ Return JSON only:
 
     const examples = selectPocExamples(vulnerability.type || '', 2);
     const examplesSection = examples.length > 0
-      ? `## Examples\nThe following examples illustrate the expected output format:\n\n${examples.map(e =>
-          '```json\n' + JSON.stringify(e.example, null, 2) + '\n```'
-        ).join('\n\n')}\n`
+      ? `## Examples\nThe following examples illustrate the expected output format:\n\n${examples.map((e, i) => {
+          const { validated: _omit, ...exampleData } = e.example;
+          return `### Example ${i + 1} (${e.example.language})\n\`\`\`json\n${JSON.stringify(exampleData, null, 2)}\n\`\`\``;
+        }).join('\n\n')}\n`
       : '';
 
     return `Generate a security test case for the following vulnerability.

src/agents/poc-examples.ts

@@ -120,13 +120,17 @@ export const POC_EXAMPLES: PocExample[] = [
 
 /**
  * Select up to maxCount examples whose categories overlap with the vulnerability type.
- * Falls back to the first maxCount examples if no match is found.
+ * Returns an empty array when no category matches — irrelevant examples degrade model
+ * output quality more than providing no examples at all.
  */
 export function selectPocExamples(vulnType: string, maxCount: number): PocExample[] {
   const normalised = vulnType.toLowerCase().replace(/[\s_]/g, '-');
   const matched = POC_EXAMPLES.filter(e =>
     e.categories.some(c => normalised.includes(c) || c.includes(normalised))
   );
-  const pool = matched.length > 0 ? matched : POC_EXAMPLES;
-  return pool.slice(0, maxCount);
+  if (matched.length === 0) {
+    console.warn(`[poc-examples] No examples matched vulnerability type "${vulnType}" — omitting examples from prompt`);
+    return [];
+  }
+  return matched.slice(0, maxCount);
 }