Bug bounty workflow skill for program scope mapping, recon-to-report automation, deduplication against prior submissions, and high-signal reporting on HackerOne, Bugcrowd, Intigriti, YesWeHack, and self-hosted programs. Use to organize bounty work end to end while staying inside program rules.
Installation
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Bug bounty workflow skill for program scope mapping, recon-to-report automation, deduplication against prior submissions, and high-signal reporting on HackerOne, Bugcrowd, Intigriti, YesWeHack, and self-hosted programs. Use to organize bounty work end to end while staying inside program rules.
Bug Bounty Workflow
Program Rules First
Parse and pin the program brief: in-scope, out-of-scope, allowed techniques, rate, retesting, safe harbor, disclosure.
Refuse any step that violates program rules or applicable law, even if technically possible.
Track per-target state so you never test out-of-scope assets accidentally.
Workflow
Scope ingest: domains, mobile apps, APIs, source repos, partner services; tag each with in/out/maybe and rate.
Recon: passive OSINT, subdomain/asset discovery, screenshot, tech fingerprint, content discovery; store as snapshots.