Bug bounty workflow skill for program scope mapping, recon-to-report automation, deduplication against prior submissions, and high-signal reporting on HackerOne, Bugcrowd, Intigriti, YesWeHack, and self-hosted programs. Use to organize bounty work end to end while staying inside program rules.
インストール
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
Bug bounty workflow skill for program scope mapping, recon-to-report automation, deduplication against prior submissions, and high-signal reporting on HackerOne, Bugcrowd, Intigriti, YesWeHack, and self-hosted programs. Use to organize bounty work end to end while staying inside program rules.
Bug Bounty Workflow
Program Rules First
Parse and pin the program brief: in-scope, out-of-scope, allowed techniques, rate, retesting, safe harbor, disclosure.
Refuse any step that violates program rules or applicable law, even if technically possible.
Track per-target state so you never test out-of-scope assets accidentally.
Workflow
Scope ingest: domains, mobile apps, APIs, source repos, partner services; tag each with in/out/maybe and rate.
Recon: passive OSINT, subdomain/asset discovery, screenshot, tech fingerprint, content discovery; store as snapshots.