// Draft and submit a vulnerability report to the bug bounty platform. Reads scope.yaml for platform/program, uses brain + findings for content. Always drafts first for review.
[HINT] Download the complete skill directory including SKILL.md and all related files
| name | submit |
| description | Draft and submit a vulnerability report to the bug bounty platform. Reads scope.yaml for platform/program, uses brain + findings for content. Always drafts first for review. |
| disable-model-invocation | false |
Prepare and submit a report for finding: $ARGUMENTS
Workflow:
0. Read rules/identities.md to learn which env vars hold the researcher handle, email alias, and API token for the platform identified in step 1. NEVER hardcode a username or email; always reference the env-var symbol. If a required var is unset, abort with error: <VAR> is not set; refusing to guess and surface it to the user.
scope.yaml to determine the platform and program handle.draft_report to create a platform-formatted draft:
[Vuln Type] in [Component] allows [Impact] via [Vector]submit_report to submit.uv run python3 $CLAUDE_PROJECT_DIR/tools/brain.py record <target> confirmed <technique> "Submitted as report #<id> on <platform>"IMPORTANT: NEVER submit without showing the draft and getting explicit user confirmation.
Submission is a controlled release.
Before asking for approval, verify:
/validate PASS or explicit accepted equivalent exists/quality score is acceptable and blocking issues are fixed/dupcheck result is included or intentionally skipped with reasonShow the user the final title, severity, platform, target asset, evidence list, and any residual risk. If anything changed after draft generation, re-run quality before submission.