Standard intake and routing workflow for bug bounty targets. Use when you need to read program rules, fingerprint a target, map trust boundaries, and choose the correct bounty lane or mixed-surface sequence for web/API, Android, smart contract, native, or agentic workflow review.
How this skill is triggered — by the user, by Claude, or both
Slash command
/bounty-hunting-programs:bounty-program-triageThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Use this skill before starting a new bug bounty engagement when the target type is not yet normalized.
Use this skill before starting a new bug bounty engagement when the target type is not yet normalized.
Load these references on demand:
../../references/bounty-standard.md for the shared lifecycle../../references/codex-ready-building-blocks.md for reusable Codex-ready plugins../../references/report-checklist.md before closing a finding../../references/web-framework-matrix.md, ../../references/android-framework-matrix.md, ../../references/smart-contract-matrix.md, or ../../references/native-language-matrix.md after the stack is clearaudit-targets/<slug>/scope/target.json already exists from bounty-target-bootstrapbounty-target-bootstrap first so the target surface is persisted before deeper review.scope/target.json.bounty-program-webAndroidManifest.xml, dex files, mobile traffic, rooted-device testing: use bounty-program-mobile-androidbounty-program-smart-contractsbounty-program-nativebounty-program-triage active and route the first deep pass to the highest-value lane instead of pretending the target is single-surfacemediumhighcriticalaudit-context-building for unfamiliar architecturessupply-chain-risk-auditor for risky dependency surfacesharp-edges and insecure-defaults for language/framework anti-patternsagentic-actions-auditor if CI, GitHub Actions, or AI-agent workflows are in scopemedium+ issue exposes a repeatable pattern, expand with variant-analysis.For Solidity or Vyper targets, bounty-program-smart-contracts is still the lane router, but the first deep audit pass should usually be evm-protocol-audit, not a generic checklist walkthrough.
Before switching to a deeper lane, produce:
npx claudepluginhub daothinh/spec-cdex --plugin bounty-hunting-programsCreates structured, bite-sized implementation plans from specs or requirements before writing code. Useful for breaking down multi-step tasks into testable steps with file structure and task boundaries.