bugcrowd-reporting

What problem does it solve?

This Skill reduces rejected or downgraded Bugcrowd submissions by guiding researchers to choose the right VRT category, request the correct technical severity when the default is wrong, and rebut common OOS auto-close objections with program-aware language.

Core Features & Use Cases

• Bugcrowd-specific VRT selection: Uses a search-and-fallback hierarchy so the dropdown maps to the closest accurate vulnerability taxonomy instead of defaulting to an overly generic severity.
• Manual severity override guidance: Explains when and how to override the auto-suggested Technical Severity to reflect real impact, including chain-based escalation.
• Severity-request paragraph template: Provides a standardized “Severity request — please review carefully before applying VRT default” section to place first in the report body.
• OOS clause rebuttal templates: Offers targeted “In-scope justification” templates for common close reasons (rate limiting on the wrong endpoint type, debug-info framing, user enumeration where PII is meaningful, and theoretical-issue arguments).
• Chained submission cross-references: Helps structure chain consumers and primitives using submission UUID cross-links while respecting the “one fix = one bounty” rule.
• QA vs production target selection: Guides selection of the appropriate scope/target label and includes a QA-testing disclaimer pattern when required.
• Researcher hygiene for Bugcrowd flow: Recommends friendly-tester posture practices (Bugcrowdninja alias), account state restoration, and session/cookie rotation after submitting evidence.
• Multi-finding submission ordering: Suggests an order that preserves credibility by filing the strongest, best-evidenced issue first and keeping OOS-risky items later.

Quick Start

Use the bugcrowd-reporting skill when filing a Bugcrowd submission and you need help picking the correct VRT, writing a first-section severity request, and including an in-scope justification for likely OOS objections.