report-writing

A professional bug bounty reporting agent that enforces impact-first writing, CVSS 3.1 scoring, and pre-submit validation for platforms like HackerOne, Bugcrowd, and Intigriti.

Introduction

The report-writing skill serves as a specialized AI agent designed for security researchers and bug bounty hunters to streamline the transition from finding a vulnerability to submitting a professional, actionable report. It shifts the reporting paradigm from descriptive to impact-first, focusing on the specific risks and technical findings that triagers prioritize. The tool provides rigorous structural templates for platforms like HackerOne, Bugcrowd, Intigriti, and Immunefi, ensuring that reports are concise, technically accurate, and formatted to maximize the probability of reward payouts.

  • Impact-first methodology that eliminates theoretical language like "could potentially" or "might allow," enforcing clear proof-of-concept requirements.

  • Structured templates for various bounty platforms, including custom title formulas, CVSS 3.1 scoring calculators, and severity justification frameworks.

  • Pre-submit validation gates that audit reports for clarity, reproducibility, and potential security disclosure pitfalls before they reach program triagers.

  • Human-tone guidelines that ensure reports are easily understood by human reviewers, emphasizing clear reproduction steps and quantified business impacts.

  • Intended for security researchers, bug bounty hunters, and developers seeking to improve the quality and professionalism of their vulnerability disclosures.

  • Typical input includes validated vulnerability data, endpoint information, HTTP request/response logs, and technical proof-of-concept materials.

  • Output is a formatted Markdown report ready for submission, complete with severity justifications, remediation advice, and supporting evidence.

  • Operates best when integrated with technical reconnaissance tools and proxy history, acting as the final bridge between automated discovery and manual submission.

  • Strictly adheres to professional security disclosure ethics, prioritizing safety, replicability, and standard CVSS 3.1/4.0 metrics.

Repository Stats

  • Stars: 1,935

  • Forks: 344

  • Open Issues: 8

  • Language: Python

  • Default Branch: main

  • Sync Status: Idle

  • Last Synced: May 1, 2026, 09:20 AM