submit
// Draft and submit a vulnerability report to the bug bounty platform. Reads scope.yaml for platform/program, uses brain + findings for content. Always drafts first for review.
Autonomous hunt orchestrator. INSATIABLE in --autonomous mode: enforces an EXHAUSTION CONTRACT (26 canonical hunter classes, surface probe A-I, depth-engine ≥25 attempts/class, wall-clock floor 90 min/target, PRE-COMPLETION GATE before any summary). No early stops, no clarifying questions, no auxiliary-agent substitution. Usage: /autopilot target.com [--interactive|--autonomous] [--20m-off] [--resume]
Adversarial validator for DAST findings. Attempts to DISPROVE each finding and DOWNGRADE severity. Catches inflated reports, unverified assumptions, and theoretical-only bugs. Dispatch after /validate PASS and before /report.
Server-Side Template Injection specialist. Covers Jinja2 (H1 #74), Twig, Velocity, FreeMarker, ERB, Handlebars, Thymeleaf. Use for any rule-engine, comment/message rendering, PR automation, admin template, or user-customizable template surface. Systematic blocklist mapper + CVE bypass runner + runtime-vs-parse distinguisher.
| name | submit |
| description | Draft and submit a vulnerability report to the bug bounty platform. Reads scope.yaml for platform/program, uses brain + findings for content. Always drafts first for review. |
| disable-model-invocation | false |
Prepare and submit a report for finding: $ARGUMENTS
Workflow:
0. Read `rules/identities.md` to learn which env vars hold the researcher handle, email alias, and API token for the platform identified in step 1. NEVER hardcode a username or email; always reference the env-var symbol. If a required var is unset, abort with `error: <VAR> is not set; refusing to guess` and surface it to the user.
1. Read `scope.yaml` to determine the platform and program handle.
2. Use `draft_report` to create a platform-formatted draft:
   - `[Vuln Type] in [Component] allows [Impact] via [Vector]`
3. Use `submit_report` to submit.
4. Record the submission: `uv run python3 $CLAUDE_PROJECT_DIR/tools/brain.py record <target> confirmed <technique> "Submitted as report #<id> on <platform>"`

IMPORTANT: NEVER submit without showing the draft and getting explicit user confirmation.
Submission is a controlled release.
Before asking for approval, verify:
- `/validate` PASS or explicit accepted equivalent exists
- `/quality` score is acceptable and blocking issues are fixed
- `/dupcheck` result is included or intentionally skipped with reason

Show the user the final title, severity, platform, target asset, evidence list, and any residual risk. If anything changed after draft generation, re-run `/quality` before submission.
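The release gate described above can be enforced in code so that it fails closed. The sketch below is an added example, not part of this skill or its tools. The field names, the `EXAMPLE_PLATFORM_HANDLE` variable, the quality threshold, the draft-hash comparison and the `submit` callable standing in for `submit_report` are all assumptions.

```python
import os

class GateError(Exception):
    """Raised when the release must not proceed."""

def require_env(name, env=None):
    """Return env var `name` or abort; never fall back to a guessed identity."""
    env = os.environ if env is None else env
    value = (env.get(name) or "").strip()
    if not value:
        raise GateError(f"error: {name} is not set; refusing to guess")
    return value

def release_blockers(finding, min_quality=80):  # threshold is an assumption
    """List every reason the draft is not ready to be shown for approval."""
    blockers = []
    if finding.get("validate") not in ("PASS", "ACCEPTED_EQUIVALENT"):
        blockers.append("/validate has no PASS or accepted equivalent")
    quality = finding.get("quality") or {}
    if (quality.get("score") or 0) < min_quality or quality.get("blocking"):
        blockers.append("/quality score too low or blocking issues open")
    draft = finding.get("draft_hash")  # hypothetical fingerprint of the draft text
    if not draft or quality.get("draft_hash") != draft:
        blockers.append("draft changed after /quality ran; re-run it")
    dup = finding.get("dupcheck") or {}
    if not (dup.get("result") or (dup.get("skipped") and dup.get("reason"))):
        blockers.append("/dupcheck result missing and no skip reason given")
    return blockers

def approve_and_submit(finding, user_confirmed, submit, env=None):
    """Call `submit` only with a clean gate and explicit user confirmation."""
    handle = require_env(finding["handle_var"], env)
    blockers = release_blockers(finding)
    if blockers:
        raise GateError("; ".join(blockers))
    if user_confirmed is not True:
        raise GateError("draft shown but not explicitly confirmed by the user")
    return submit(handle, finding)

# Constructed sample; every field name and value here is hypothetical.
SAMPLE = {
    "handle_var": "EXAMPLE_PLATFORM_HANDLE",
    "validate": "PASS",
    "draft_hash": "d2",
    "quality": {"score": 91, "blocking": [], "draft_hash": "d1"},
    "dupcheck": {"skipped": True, "reason": ""},
}

if __name__ == "__main__":
    print(release_blockers(SAMPLE))
```

The sample is blocked twice: the draft was edited after the quality run, and the duplicate check was skipped without a reason.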