Update to templates to match VRT

Author: RRudder

…dboxed_container_code_execution/.gitkeep …dboxed_container_code_execution/.gitkeepsubmissions/description/ai_application_security/sensitive_information_disclosure/sandboxed_container_code_execution/.gitkeep renamed to submissions/description/ai_application_security/remote_code_execution/sandboxed_container_code_execution/.gitkeep submissions/description/ai_application_security/sensitive_information_disclosure/sandboxed_container_code_execution/.gitkeep renamed to submissions/description/ai_application_security/remote_code_execution/sandboxed_container_code_execution/.gitkeep

@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed up triage time and result in faster rewards. Please include specific details on where you identified the vulnerability, how you identified it, and what actions you were able to perform as a result.
+
+Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).

…xed_container_code_execution/guidance.md …xed_container_code_execution/guidance.mdsubmissions/description/ai_application_security/sensitive_information_disclosure/sandboxed_container_code_execution/guidance.md renamed to submissions/description/ai_application_security/remote_code_execution/sandboxed_container_code_execution/guidance.md submissions/description/ai_application_security/sensitive_information_disclosure/sandboxed_container_code_execution/guidance.md renamed to submissions/description/ai_application_security/remote_code_execution/sandboxed_container_code_execution/guidance.md

@@ -0,0 +1,7 @@
+# Recommendation(s)
+
+- Don't hardcode sensitive keys in the application's code.
+- Use secure key management systems and environment variables.
+- Encrypt sensitive data at rest and in transit.
+- Regularly rotate cryptographic keys and API keys.
+- Scan code repositories for accidentally committed keys.

…tainer_code_execution/recommendations.md …tainer_code_execution/recommendations.mdsubmissions/description/ai_application_security/sensitive_information_disclosure/sandboxed_container_code_execution/recommendations.md renamed to submissions/description/ai_application_security/remote_code_execution/sandboxed_container_code_execution/recommendations.md submissions/description/ai_application_security/sensitive_information_disclosure/sandboxed_container_code_execution/recommendations.md renamed to submissions/description/ai_application_security/remote_code_execution/sandboxed_container_code_execution/recommendations.md

@@ -0,0 +1,26 @@
+Key leak occurs when sensitive cryptographic keys, or API keys, used by the AI application are unintentionally exposed. These keys can provide unauthorized access to the system or its components, leading to data breaches, data manipulation, and other malicious activities. An attacker can identify leaked keys in code repositories, configuration files, or through insecure transmission.
+
+**Business Impact**
+
+Unauthorized access to critical systems and data, potential compromise of sensitive information, and significant financial losses. Reputational damage due to security breaches and loss of customer trust.
+
+**Steps to Reproduce**
+
+1. Go to the following location: {{URL/location}}
+1. Observe that the following API keys or cryptographic keys are hardcoded in the application's code or configuration files:
+
+```markdown
+  {API or cryptographic keys}
+```
+
+1. Send the following request which demonstrates the leaked keys are valid:
+
+```HTTP
+  {HTTP request}
+```
+
+**Proof of Concept (PoC)**
+
+The screenshot(s) below demonstrate(s) the vulnerability:
+>
+> {{screenshot}}