bounty-pipeline

End-to-end bug bounty pipeline — orchestrates Reticustos, Indago, BypassBurrito, Mobilicustos, Nubicustos, Cepheus, Vinculum, and Ariadne through agent-driven phases from recon to attack path synthesis

Use this agent for API security fuzzing using Indago. Scans APIs from an OpenAPI spec or Reticustos endpoint export, exports WAF-blocked findings for BypassBurrito. Produces indago-report.json and waf-blocked.json. Examples: <example> assistant: "I'll launch the api-fuzz-agent to fuzz the discovered API endpoints." <Task tool invocation to launch api-fuzz-agent> </example>

Use this agent for attack path synthesis using Ariadne. Analyzes correlated findings to build attack graphs, generate operator playbooks, and identify privilege escalation chains. Produces ariadne-report.json. Examples: <example> assistant: "I'll launch the attack-path-agent to synthesize attack paths from correlated findings." <Task tool invocation to launch attack-path-agent> </example>

Use this agent for cloud security auditing using Nubicustos. Scans cloud infrastructure, exports findings and container inventory. Produces nubicustos-findings.json and nubicustos-containers.json (for Cepheus). Examples: <example> assistant: "I'll launch the cloud-audit-agent to audit the cloud infrastructure." <Task tool invocation to launch cloud-audit-agent> </example>

Use this agent for container escape scenario modeling using Cepheus. Enumerates container posture, analyzes escape paths with Nubicustos cloud context enrichment. Produces cepheus-report.json. Examples: <example> assistant: "I'll launch the container-escape-agent to analyze container escape paths." <Task tool invocation to launch container-escape-agent> </example>

Use this agent for finding correlation using Vinculum. Ingests all tool reports from the workspace, deduplicates and correlates findings, then exports in Ariadne format. Produces vinculum-correlated.json and vinculum-ariadne.json. Examples: <example> assistant: "I'll launch the correlation-agent to correlate all findings across tools." <Task tool invocation to launch correlation-agent> </example>

Use this agent for mobile application security analysis using Mobilicustos. Creates a scan for a mobile app, polls for completion, and exports findings. Produces mobilicustos-findings.json. Examples: <example> assistant: "I'll launch the mobile-scan-agent to analyze the mobile application." <Task tool invocation to launch mobile-scan-agent> </example>

Use this agent for network reconnaissance using Reticustos. Registers a target, runs a scan, polls for completion, then exports discovered endpoints and findings to the workspace. Produces reticustos-endpoints.json (for Indago) and reticustos-findings.json (for Vinculum). Examples: <example> assistant: "I'll launch the recon-agent to scan the target and discover endpoints." <Task tool invocation to launch recon-agent> </example>

Use this agent for WAF bypass payload generation using BypassBurrito. Ingests WAF-blocked findings from Indago and generates bypass payloads. Produces burrito-report.json. Only runs when waf-blocked.json has entries. Examples: <example> assistant: "I'll launch the waf-bypass-agent to generate bypass payloads for WAF-blocked requests." <Task tool invocation to launch waf-bypass-agent> </example>