BountyForge — Bug Bounty Orchestrator

What it does

BountyForge is an orchestration skill that runs multi-mode bug bounty audits: discovering in-scope code, building agent bundles, spawning parallel auditing agents, deduplicating findings, running gate evaluations, computing CVSS, and formatting platform-specific submission-ready reports. It provides strict canonical report format rules and automated pipelines for triage, PoC generation, and confidence scoring.

When to use it

Invoke when performing security research or automated/manual audits on smart contracts (Solidity, Move, Solana), web/API endpoints, or when you need a submission-ready HackerOne/Bugcrowd/Immunefi report. Also use in report-only mode to normalize and gate-evaluate existing finding lists.

What's included

• Scripts: none bundled in-skill (has_scripts=false).
• References: expects attack vectors, judging rules, CVSS guide files in repo references.
• Instructions: detailed orchestration turns (discover, prepare, spawn agents, deduplicate/validate/output), canonical report format, confidence scoring, and platform adaptations.

Compatible agents

Designed for multi-agent orchestrators and security analysis agents that can read repo files, run Bash tooling, and produce structured reports (Claude Code, Codex-like assistants, or custom orchestrators).