Bug Bounty Report Reviewer

Automatically transforms vulnerability findings into professional, platform-ready submissions for bug bounty reports.

Install
cmdop skills install agensi-bug-bounty-report-reviewer

Bug Bounty Report Reviewer is a skill that takes raw vulnerability findings and restructures them into submission-ready reports aligned with the standards of platforms like HackerOne and Bugcrowd. The core problem it addresses is the gap between having a valid finding and producing a report that survives triage — many valid findings are closed as Informative or N/A because of poor structure, missing reproduction steps, or unclear impact statements.

The skill applies a structured rubric to audit a report before submission. It scores findings based on severity, identifies missing technical details or assumptions, and flags gaps in the evidence trail. From that audit, it generates a package of structured artifacts: an executive summary, a scored findings table, a point-by-point reproduction checklist, and final report copy that includes confidence levels and risk assessments.

This is targeted at security researchers who already have a technical finding but need help converting it into a professional deliverable. It is not a vulnerability scanner or a tool that discovers security issues — it only works on findings the researcher has already identified. It is also not a substitute for deep domain expertise; it structures and reviews what the researcher supplies, but the underlying technical analysis remains the researcher’s responsibility. There are no environment variables or external service credentials required to run the skill.

Use cases

  • Audit a draft bug bounty report before submitting it to HackerOne or Bugcrowd
  • Generate an executive summary from a set of raw vulnerability notes
  • Identify missing reproduction steps or evidence in a vulnerability writeup
  • Produce a scored findings table for a multi-issue security assessment
  • Refine technical writing in a report to match triage reviewer expectations
  • Create a submission-ready report package with risk assessments and confidence levels

When to use it

  • When a security researcher has a confirmed finding and needs to structure it for formal submission
  • When a report draft has been rejected or closed as Informative and needs improvement
  • When multiple vulnerabilities need to be organized into a prioritized findings table
  • When a researcher wants a pre-submission quality gate before investing time in a full writeup

When not to use it

  • When looking for a tool to discover or scan for vulnerabilities — this skill does not perform active testing
  • When the target platform requires a proprietary report format not covered by HackerOne or Bugcrowd conventions
  • When no vulnerability finding exists yet; the skill reviews and structures existing findings only
  • When automated tool output needs direct ingestion — manual finding input is expected