Bug Bounty Report Reviewer is a skill that takes raw vulnerability findings and restructures them into submission-ready reports aligned with the standards of platforms like HackerOne and Bugcrowd. The core problem it addresses is the gap between having a valid finding and producing a report that survives triage — many valid findings are closed as Informative or N/A because of poor structure, missing reproduction steps, or unclear impact statements.
The skill applies a structured rubric to audit a report before submission. It scores findings based on severity, identifies missing technical details or assumptions, and flags gaps in the evidence trail. From that audit, it generates a package of structured artifacts: an executive summary, a scored findings table, a point-by-point reproduction checklist, and final report copy that includes confidence levels and risk assessments.
This is targeted at security researchers who already have a technical finding but need help converting it into a professional deliverable. It is not a vulnerability scanner or a tool that discovers security issues — it only works on findings the researcher has already identified. It is also not a substitute for deep domain expertise; it structures and reviews what the researcher supplies, but the underlying technical analysis remains the researcher’s responsibility. There are no environment variables or external service credentials required to run the skill.