report-templatelisted

# Report Template > Sub-skill of `offensive-osint`. Load `osint-methodology` for pipeline and deliverable context. > Authorized targets only. --- ## BEHAVIORAL CONTRACT **When triggered:** Report generation, bug bounty submission, vulnerability write-up, or client deliverable creation is needed. **Execute:** 1. Collect all findings from the current engagement — pull from sidecar JSON files if available (`analysis-and-reporting` §6). 2. For bug bounty submissions: populate the Bug Bounty Report Template (§1) for each finding. 3. For client deliverables: populate the Client Report Template (§2) covering all findings. 4. Auto-fill severity, confidence, and attack-path hints from `analysis-and-reporting` §4 and §3. 5. Include reproduction steps with evidence (URL + UTC timestamp + SHA-256). 6. Apply risk translation for executive audience (see `osint-methodology` §14). **Output:** Completed report per §1 or §2 template, ready for submission or delivery. **Severity rules:** Use severity from the finding schema. Include CVSS v3 vector + score for bug bounty. **Gating rules:** Never include raw credentials in reports — truncate to last 4 characters. Redact PII. Include encrypted credential bundle separately if needed. **Chain to:** This is typically the final skill in the pipeline. Receives findings from all other sub-skills via `analysis-and-reporting` sidecar coordination. --- ## 1. Bug Bounty Report Template ``` Title: [{severity}] [{component}] {brief description} #