Bug bounty workflow skill for program scope mapping, recon-to-report automation, deduplication against prior submissions, and high-signal reporting on HackerOne, Bugcrowd, Intigriti, YesWeHack, and self-hosted programs. Use to organize bounty work end to end while staying inside program rules.
Installation
Installer avec Codex ou Claude Copiez ce prompt, collez-le dans Codex, Claude ou un autre assistant, puis laissez-le vérifier la page du skill et l'installer pour vous.
Bug bounty workflow skill for program scope mapping, recon-to-report automation, deduplication against prior submissions, and high-signal reporting on HackerOne, Bugcrowd, Intigriti, YesWeHack, and self-hosted programs. Use to organize bounty work end to end while staying inside program rules.
Bug Bounty Workflow
Program Rules First
Parse and pin the program brief: in-scope, out-of-scope, allowed techniques, rate, retesting, safe harbor, disclosure.
Refuse any step that violates program rules or applicable law, even if technically possible.
Track per-target state so you never test out-of-scope assets accidentally.
Workflow
Scope ingest: domains, mobile apps, APIs, source repos, partner services; tag each with in/out/maybe and rate.
Recon: passive OSINT, subdomain/asset discovery, screenshot, tech fingerprint, content discovery; store as snapshots.