I haven't seen an AI take a screenshot of their terminal yet. And Kali on WSL does seem like something an overambitious script kiddy would use. On the other hand, the user definetly types like an LLM, and not answering the direct question is hella suspicious 🤔

Maybe it's a kid who's just asking ChatGPT what to do and say?

does the form require the Mitigation Recommendations and Impact sections, and does itbsuggest 3 bullet points for each? If not, then definitely slop, whether human or AI.

Also, the mitigation recommendations seem very generic and don't demonstrate a beyond-surface-level understanding of the usecase.

I voted “not slop” for the benefit of doubt. At least that report was reasonably concise.

Maybe you could require security issue reporters to provide a minimal Dockerfile demonstrating the issue and a screenshot of the output highlighting the failure? (and require output lines to be timestamped in that screenshot)

first thing which weirded me out - long and detailed, from the looks, text. But no mentions of the specific environment (including the version of curl) "used" to "reproduce". Which should be one of the most important details, I suppose.

But yeah. Tricky as heck.

Pretty confident an LLM was at least used to create the text. However I think this is a rare case of the user actually bothering to trim the output down so it’s readable.

If the problem were real that would be it, but you mentioned even the version they cited in the comment doesn’t exhibit the problem. For that reason I have to lean toward slop.