Bug Bounty Triage is a skill published by agensi, aimed at security researchers and smart contract auditors who work on platforms such as Code4rena, Sherlock, and HackenProof. Its core purpose is to reduce the time lost deciding which programs to target by systematically evaluating active bug bounty programs across three dimensions: payout potential, scope friction, and repository availability. The output is a prioritized target queue rather than an arbitrary audit order.
Once a target list is established, the skill applies triage rubrics to candidate vulnerability findings, assessing each for severity and exploitability. This helps a researcher decide which findings are worth developing into full proof-of-concept exploits before investing further time.
For findings that pass triage, the skill generates structured report skeletons and checklists aligned with the submission standards common to DeFi and smart contract audit platforms. These templates are intended to reduce rejection rates by ensuring required elements are present before submission.
The skill also provides a strategy framework that helps structure a researcher’s working day around high-impact tasks such as building test harnesses, rather than lower-value activities.
This skill is appropriate when a researcher needs to choose among multiple active programs or prepare a compliant vulnerability report. It is not a static analysis tool, does not execute code, and does not connect to external bug bounty platform APIs — it provides structured guidance and templates rather than automated scanning.