Olivia Vespera
in reply to daniel:// stenberg://
daniel:// stenberg://
in reply to Olivia Vespera
Stefan Eissing
in reply to daniel:// stenberg://
I made cron jobs for submitting HackerOne reports on CRLF injections, HTTP headers added by the user and the use of file:// urls to access local data accessible to the user already but with curl instead of notepad.
We could bundle these with the curl release tar ball for further reach. People seem to want those.💁🏻♂️
mormund
in reply to daniel:// stenberg://
Would it be an option to add a small submission fee? That is of course unfair to researchers from developing countries. But $5 should dissuade the AI slop at least a little, I'd imagine.
Not sure if there was already a discussion in another thread about what could be done. Apologies if I have missed that.
Either way this current asymmetry of effort to report vs. effort to check is not sustainable. Thanks for putting up with it so far.