Bug bounty workflow skill for program scope mapping, recon-to-report automation, deduplication against prior submissions, and high-signal reporting on HackerOne, Bugcrowd, Intigriti, YesWeHack, and self-hosted programs. Use to organize bounty work end to end while staying inside program rules.
Instalação
Instalar com Codex ou Claude Copie este prompt, cole no Codex, Claude ou outro assistente e deixe que ele revise a página da skill e instale para você.
Bug bounty workflow skill for program scope mapping, recon-to-report automation, deduplication against prior submissions, and high-signal reporting on HackerOne, Bugcrowd, Intigriti, YesWeHack, and self-hosted programs. Use to organize bounty work end to end while staying inside program rules.
Bug Bounty Workflow
Program Rules First
Parse and pin the program brief: in-scope, out-of-scope, allowed techniques, rate, retesting, safe harbor, disclosure.
Refuse any step that violates program rules or applicable law, even if technically possible.
Track per-target state so you never test out-of-scope assets accidentally.
Workflow
Scope ingest: domains, mobile apps, APIs, source repos, partner services; tag each with in/out/maybe and rate.
Recon: passive OSINT, subdomain/asset discovery, screenshot, tech fingerprint, content discovery; store as snapshots.