mmh. Wondering if public callout as amusing it is, is tcreating some kind of competition to just be called out by you for AI slop reviews. :)

it's amazing how cordial you can be even after finding out the PoC script *doesn't even invoke curl*, I admire your patience and professionalism.
These people need to be publicly shamed for wasting so much time and energy (and to what ends, one may wonder?), and for the test of us to know how much sh*t you have to deal with on a daily basis.

I read this with the last report in mind where curl wasnt even used. I looked through the .sh and thought "Uh, where is curl even used? It isnt? ..."

I wonder is it feasible/reasonable to ask that people pay a deposit to make hackerone reports? They get the deposit back plus bounty if it's a real bug, and don't keep it if it turns out to be ai slop.