@blamejs/exceptd-skills 0.12.23 → 0.12.25
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +12 -4
- package/CHANGELOG.md +190 -3
- package/README.md +14 -1
- package/bin/exceptd.js +584 -166
- package/data/_indexes/_meta.json +31 -31
- package/data/_indexes/activity-feed.json +45 -45
- package/data/_indexes/catalog-summaries.json +19 -19
- package/data/_indexes/chains.json +320 -0
- package/data/_indexes/currency.json +9 -9
- package/data/_indexes/frequency.json +39 -2
- package/data/_indexes/jurisdiction-clocks.json +2 -2
- package/data/_indexes/jurisdiction-map.json +3 -1
- package/data/_indexes/section-offsets.json +396 -396
- package/data/_indexes/summary-cards.json +3 -3
- package/data/_indexes/token-budget.json +73 -73
- package/data/atlas-ttps.json +491 -19
- package/data/attack-techniques.json +198 -84
- package/data/cve-catalog.json +1309 -9
- package/data/exploit-availability.json +300 -10
- package/data/framework-control-gaps.json +395 -1
- package/data/global-frameworks.json +44 -19
- package/data/playbooks/containers.json +1 -1
- package/data/playbooks/crypto-codebase.json +1 -1
- package/data/playbooks/framework.json +1 -1
- package/data/playbooks/hardening.json +1 -1
- package/data/playbooks/library-author.json +1 -1
- package/data/playbooks/secrets.json +25 -1
- package/data/rfc-references.json +93 -1
- package/data/zeroday-lessons.json +475 -13
- package/lib/auto-discovery.js +26 -2
- package/lib/exit-codes.js +72 -0
- package/lib/flag-suggest.js +130 -0
- package/lib/id-validation.js +95 -0
- package/lib/lint-skills.js +68 -1
- package/lib/playbook-runner.js +321 -46
- package/lib/prefetch.js +113 -0
- package/lib/refresh-external.js +190 -8
- package/lib/refresh-network.js +35 -8
- package/lib/schemas/cve-catalog.schema.json +31 -4
- package/lib/schemas/playbook.schema.json +51 -0
- package/lib/scoring.js +41 -0
- package/lib/upstream-check-cli.js +16 -1
- package/lib/upstream-check.js +9 -0
- package/lib/verify.js +20 -4
- package/manifest-snapshot.json +1 -1
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +59 -59
- package/package.json +8 -2
- package/sbom.cdx.json +6 -6
- package/scripts/check-test-coverage.js +67 -0
- package/scripts/verify-shipped-tarball.js +9 -0
- package/skills/ai-attack-surface/skill.md +11 -2
- package/skills/ai-c2-detection/skill.md +3 -1
- package/skills/ai-risk-management/skill.md +3 -1
- package/skills/api-security/skill.md +4 -0
- package/skills/attack-surface-pentest/skill.md +1 -0
- package/skills/container-runtime-security/skill.md +3 -1
- package/skills/dlp-gap-analysis/skill.md +1 -1
- package/skills/exploit-scoring/skill.md +2 -2
- package/skills/incident-response-playbook/skill.md +1 -1
- package/skills/kernel-lpe-triage/skill.md +6 -1
- package/skills/mcp-agent-trust/skill.md +7 -2
- package/skills/mlops-security/skill.md +1 -1
- package/skills/rag-pipeline-security/skill.md +4 -2
- package/skills/sector-financial/skill.md +1 -1
- package/skills/skill-update-loop/skill.md +1 -1
- package/skills/supply-chain-integrity/skill.md +3 -1
- package/skills/threat-model-currency/skill.md +1 -1
- package/skills/webapp-security/skill.md +2 -0
- package/skills/zeroday-gap-learn/skill.md +2 -2
|
@@ -115,7 +115,7 @@
|
|
|
115
115
|
},
|
|
116
116
|
"mcp-agent-trust": {
|
|
117
117
|
"description": "Enumerate MCP trust boundary failures — tool allowlisting, signed manifests, bearer auth, zero-interaction RCE",
|
|
118
|
-
"threat_context_excerpt": "The Model Context Protocol (MCP) is an open protocol for connecting AI assistants to external tools and data sources. It is now the standard integration layer for AI coding assistants: Cursor, VS Code + GitHub Copilot, Windsurf, Claude Code, and Gemini CLI all support MCP servers.",
|
|
118
|
+
"threat_context_excerpt": "The Model Context Protocol (MCP) is an open protocol for connecting AI assistants to external tools and data sources. It is now the standard integration layer for AI coding assistants: Cursor, VS Code + GitHub Copilot, Windsurf, Claude Code, and Gemini CLI all support MCP servers. Background reality: 41% of 2025 zero-days were AI-discovered (GTIG 2025); Fragnesia (CVE-2026-46300, 2026-05-13) is the canonical AI-driven autonomous-discovery anchor — Zellic's agentic auditor surfaced an 18-year-old kernel primitive that load-bearing MCP-server hosts depend on. The first documented AI-built ...",
|
|
119
119
|
"produces": "```\n## MCP Trust Assessment\n\n**Assessment Date:** YYYY-MM-DD\n**Scope:** [workstations / AI systems assessed]\n\n### Installed MCP Server Inventory\n| Server | Version | Source | Tools Exposed | Filesystem | Network | Shell | Auth Required | Allowlist |\n|--------|---------|--------|---------------|------------|---------|-------|---------------|-----------|\n\n### CVE-2026-30615 Exposure\n[Windsurf version check — patched/unpatched]\n\n### Trust Posture Score\n[Per server: Critical/High/Medium/Low with factor breakdown]\n\n### Immediate Actions Required\n[Servers to remove, versions to pin, configs to lock] ...",
|
|
120
120
|
"key_xrefs": {
|
|
121
121
|
"cwe_refs": [
|
|
@@ -264,7 +264,7 @@
|
|
|
264
264
|
},
|
|
265
265
|
"rag-pipeline-security": {
|
|
266
266
|
"description": "RAG-specific threat model — embedding manipulation, vector store poisoning, retrieval filter bypass, indirect prompt injection",
|
|
267
|
-
"threat_context_excerpt": "Retrieval-Augmented Generation (RAG) pipelines introduce a unique attack surface that exists at the intersection of traditional data security and AI-specific vulnerabilities. No current compliance framework has adequate controls for this attack surface. The threats in this skill are not theoretical — they have been demonstrated in research and observed in production incidents.",
|
|
267
|
+
"threat_context_excerpt": "Retrieval-Augmented Generation (RAG) pipelines introduce a unique attack surface that exists at the intersection of traditional data security and AI-specific vulnerabilities. No current compliance framework has adequate controls for this attack surface. The threats in this skill are not theoretical — they have been demonstrated in research and observed in production incidents. Operational context: 41% of 2025 zero-days were AI-discovered (GTIG 2025); the first AI-built in-the-wild zero-day surfaced 2026-05-11 (GTIG AI 2FA-bypass), and Fragnesia (CVE-2026-46300, 2026-05-13) is the canonical ...",
|
|
268
268
|
"produces": "```\n## RAG Pipeline Security Assessment\n\n**Date:** YYYY-MM-DD\n**Knowledge Base:** [description]\n**Query Volume:** [requests/day estimate]\n\n### Pipeline Map\n[Ingestion → Chunking → Embedding → Store → Retrieval → Context → LLM → Output]\n\n### Attack Class Exposure\n| Attack Class | Possible | Attacker Access Required | Current Mitigations | Risk |\n|---|---|---|---|---|\n| Embedding manipulation (exfil) | | | | |\n| Vector store poisoning | | | | |\n| Chunking exploitation | | | | |\n| Retrieval filter bypass | | | | |\n| Indirect prompt injection | | | | |\n\n### RAG Security Score: [X/80]\n\n### Priority ...",
|
|
269
269
|
"key_xrefs": {
|
|
270
270
|
"cwe_refs": [
|
|
@@ -313,7 +313,7 @@
|
|
|
313
313
|
},
|
|
314
314
|
"ai-c2-detection": {
|
|
315
315
|
"description": "Detect adversary use of AI APIs as covert C2 — SesameOp pattern, PROMPTFLUX/PROMPTSTEAL behavioral signatures",
|
|
316
|
-
"threat_context_excerpt": "The
|
|
316
|
+
"threat_context_excerpt": "The AI-as-adversary reality that motivates this skill is now operationally documented: 41% of 2025 zero-days were AI-discovered (GTIG 2025), the first AI-built in-the-wild zero-day was confirmed 2026-05-11 (GTIG AI 2FA-bypass case), and Fragnesia (CVE-2026-46300, 2026-05-13) is the canonical AI-driven autonomous-discovery anchor — Zellic's agentic auditor surfaced an 18-year-old Linux kernel primitive. C2 channels riding the same agentic AI infrastructure are the next logical step; CTID Secure AI v2 (2026-05-06, replaces v1) treats AI-API C2 detection as an in-scope control class.",
|
|
317
317
|
"produces": "```\n## AI C2 Detection Assessment\n\n**Date:** YYYY-MM-DD\n**Scope:** [hosts / network segments assessed]\n\n### Current Detection Coverage\n| Detection Layer | Deployed | Coverage |\n|---|---|---|\n| Process-level AI API baseline | Yes/No | [% of host types covered] |\n| Behavioral correlation (AI + file/cred/scan) | Yes/No | [configured correlations] |\n| TLS inspection for AI traffic | Yes/No | [% of AI API traffic] |\n| Response monitoring | Yes/No | [coverage] |\n\n### Coverage Gaps\n[What's missing from the detection architecture]\n\n### Active Indicators\n[If this is a live investigation: current IOCs, ...",
|
|
318
318
|
"key_xrefs": {
|
|
319
319
|
"cwe_refs": [],
|
|
@@ -3,17 +3,17 @@
|
|
|
3
3
|
"schema_version": "1.0.0",
|
|
4
4
|
"tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
|
|
5
5
|
"approx_chars_per_token": 4,
|
|
6
|
-
"total_chars":
|
|
7
|
-
"total_approx_tokens":
|
|
6
|
+
"total_chars": 1430239,
|
|
7
|
+
"total_approx_tokens": 357564,
|
|
8
8
|
"skill_count": 38
|
|
9
9
|
},
|
|
10
10
|
"skills": {
|
|
11
11
|
"kernel-lpe-triage": {
|
|
12
12
|
"path": "skills/kernel-lpe-triage/skill.md",
|
|
13
|
-
"bytes":
|
|
14
|
-
"chars":
|
|
15
|
-
"lines":
|
|
16
|
-
"approx_tokens":
|
|
13
|
+
"bytes": 30522,
|
|
14
|
+
"chars": 30353,
|
|
15
|
+
"lines": 395,
|
|
16
|
+
"approx_tokens": 7588,
|
|
17
17
|
"approx_chars_per_token": 4,
|
|
18
18
|
"sections": {
|
|
19
19
|
"threat-context": {
|
|
@@ -70,16 +70,16 @@
|
|
|
70
70
|
},
|
|
71
71
|
"ai-attack-surface": {
|
|
72
72
|
"path": "skills/ai-attack-surface/skill.md",
|
|
73
|
-
"bytes":
|
|
74
|
-
"chars":
|
|
75
|
-
"lines":
|
|
76
|
-
"approx_tokens":
|
|
73
|
+
"bytes": 25250,
|
|
74
|
+
"chars": 25182,
|
|
75
|
+
"lines": 328,
|
|
76
|
+
"approx_tokens": 6296,
|
|
77
77
|
"approx_chars_per_token": 4,
|
|
78
78
|
"sections": {
|
|
79
79
|
"threat-context": {
|
|
80
|
-
"bytes":
|
|
81
|
-
"chars":
|
|
82
|
-
"approx_tokens":
|
|
80
|
+
"bytes": 8028,
|
|
81
|
+
"chars": 7994,
|
|
82
|
+
"approx_tokens": 1999
|
|
83
83
|
},
|
|
84
84
|
"framework-lag-declaration": {
|
|
85
85
|
"bytes": 2465,
|
|
@@ -120,16 +120,16 @@
|
|
|
120
120
|
},
|
|
121
121
|
"mcp-agent-trust": {
|
|
122
122
|
"path": "skills/mcp-agent-trust/skill.md",
|
|
123
|
-
"bytes":
|
|
124
|
-
"chars":
|
|
125
|
-
"lines":
|
|
126
|
-
"approx_tokens":
|
|
123
|
+
"bytes": 27437,
|
|
124
|
+
"chars": 27349,
|
|
125
|
+
"lines": 366,
|
|
126
|
+
"approx_tokens": 6837,
|
|
127
127
|
"approx_chars_per_token": 4,
|
|
128
128
|
"sections": {
|
|
129
129
|
"threat-context": {
|
|
130
|
-
"bytes":
|
|
131
|
-
"chars":
|
|
132
|
-
"approx_tokens":
|
|
130
|
+
"bytes": 5462,
|
|
131
|
+
"chars": 5448,
|
|
132
|
+
"approx_tokens": 1362
|
|
133
133
|
},
|
|
134
134
|
"framework-lag-declaration": {
|
|
135
135
|
"bytes": 3837,
|
|
@@ -285,10 +285,10 @@
|
|
|
285
285
|
},
|
|
286
286
|
"exploit-scoring": {
|
|
287
287
|
"path": "skills/exploit-scoring/skill.md",
|
|
288
|
-
"bytes":
|
|
289
|
-
"chars":
|
|
288
|
+
"bytes": 24352,
|
|
289
|
+
"chars": 24212,
|
|
290
290
|
"lines": 357,
|
|
291
|
-
"approx_tokens":
|
|
291
|
+
"approx_tokens": 6053,
|
|
292
292
|
"approx_chars_per_token": 4,
|
|
293
293
|
"sections": {
|
|
294
294
|
"frontmatter-scope": {
|
|
@@ -297,9 +297,9 @@
|
|
|
297
297
|
"approx_tokens": 154
|
|
298
298
|
},
|
|
299
299
|
"threat-context": {
|
|
300
|
-
"bytes":
|
|
301
|
-
"chars":
|
|
302
|
-
"approx_tokens":
|
|
300
|
+
"bytes": 2409,
|
|
301
|
+
"chars": 2397,
|
|
302
|
+
"approx_tokens": 599
|
|
303
303
|
},
|
|
304
304
|
"framework-lag-declaration": {
|
|
305
305
|
"bytes": 2410,
|
|
@@ -350,16 +350,16 @@
|
|
|
350
350
|
},
|
|
351
351
|
"rag-pipeline-security": {
|
|
352
352
|
"path": "skills/rag-pipeline-security/skill.md",
|
|
353
|
-
"bytes":
|
|
354
|
-
"chars":
|
|
355
|
-
"lines":
|
|
356
|
-
"approx_tokens":
|
|
353
|
+
"bytes": 31195,
|
|
354
|
+
"chars": 31022,
|
|
355
|
+
"lines": 330,
|
|
356
|
+
"approx_tokens": 7756,
|
|
357
357
|
"approx_chars_per_token": 4,
|
|
358
358
|
"sections": {
|
|
359
359
|
"threat-context": {
|
|
360
|
-
"bytes":
|
|
361
|
-
"chars":
|
|
362
|
-
"approx_tokens":
|
|
360
|
+
"bytes": 1392,
|
|
361
|
+
"chars": 1374,
|
|
362
|
+
"approx_tokens": 344
|
|
363
363
|
},
|
|
364
364
|
"attack-class-1-embedding-manipulation-for-data-exfiltration": {
|
|
365
365
|
"bytes": 1641,
|
|
@@ -430,16 +430,16 @@
|
|
|
430
430
|
},
|
|
431
431
|
"ai-c2-detection": {
|
|
432
432
|
"path": "skills/ai-c2-detection/skill.md",
|
|
433
|
-
"bytes":
|
|
434
|
-
"chars":
|
|
435
|
-
"lines":
|
|
436
|
-
"approx_tokens":
|
|
433
|
+
"bytes": 36020,
|
|
434
|
+
"chars": 35874,
|
|
435
|
+
"lines": 477,
|
|
436
|
+
"approx_tokens": 8969,
|
|
437
437
|
"approx_chars_per_token": 4,
|
|
438
438
|
"sections": {
|
|
439
439
|
"threat-context": {
|
|
440
|
-
"bytes":
|
|
441
|
-
"chars":
|
|
442
|
-
"approx_tokens":
|
|
440
|
+
"bytes": 5382,
|
|
441
|
+
"chars": 5372,
|
|
442
|
+
"approx_tokens": 1343
|
|
443
443
|
},
|
|
444
444
|
"framework-lag-declaration": {
|
|
445
445
|
"bytes": 1486,
|
|
@@ -680,10 +680,10 @@
|
|
|
680
680
|
},
|
|
681
681
|
"zeroday-gap-learn": {
|
|
682
682
|
"path": "skills/zeroday-gap-learn/skill.md",
|
|
683
|
-
"bytes":
|
|
684
|
-
"chars":
|
|
683
|
+
"bytes": 37609,
|
|
684
|
+
"chars": 37453,
|
|
685
685
|
"lines": 444,
|
|
686
|
-
"approx_tokens":
|
|
686
|
+
"approx_tokens": 9363,
|
|
687
687
|
"approx_chars_per_token": 4,
|
|
688
688
|
"sections": {
|
|
689
689
|
"frontmatter-scope": {
|
|
@@ -692,9 +692,9 @@
|
|
|
692
692
|
"approx_tokens": 135
|
|
693
693
|
},
|
|
694
694
|
"threat-context": {
|
|
695
|
-
"bytes":
|
|
696
|
-
"chars":
|
|
697
|
-
"approx_tokens":
|
|
695
|
+
"bytes": 2173,
|
|
696
|
+
"chars": 2163,
|
|
697
|
+
"approx_tokens": 541
|
|
698
698
|
},
|
|
699
699
|
"framework-lag-declaration": {
|
|
700
700
|
"bytes": 2545,
|
|
@@ -1035,10 +1035,10 @@
|
|
|
1035
1035
|
},
|
|
1036
1036
|
"attack-surface-pentest": {
|
|
1037
1037
|
"path": "skills/attack-surface-pentest/skill.md",
|
|
1038
|
-
"bytes":
|
|
1039
|
-
"chars":
|
|
1040
|
-
"lines":
|
|
1041
|
-
"approx_tokens":
|
|
1038
|
+
"bytes": 32626,
|
|
1039
|
+
"chars": 32485,
|
|
1040
|
+
"lines": 386,
|
|
1041
|
+
"approx_tokens": 8121,
|
|
1042
1042
|
"approx_chars_per_token": 4,
|
|
1043
1043
|
"sections": {
|
|
1044
1044
|
"threat-context": {
|
|
@@ -1185,10 +1185,10 @@
|
|
|
1185
1185
|
},
|
|
1186
1186
|
"supply-chain-integrity": {
|
|
1187
1187
|
"path": "skills/supply-chain-integrity/skill.md",
|
|
1188
|
-
"bytes":
|
|
1189
|
-
"chars":
|
|
1190
|
-
"lines":
|
|
1191
|
-
"approx_tokens":
|
|
1188
|
+
"bytes": 40261,
|
|
1189
|
+
"chars": 40123,
|
|
1190
|
+
"lines": 325,
|
|
1191
|
+
"approx_tokens": 10031,
|
|
1192
1192
|
"approx_chars_per_token": 4,
|
|
1193
1193
|
"sections": {
|
|
1194
1194
|
"threat-context": {
|
|
@@ -1510,10 +1510,10 @@
|
|
|
1510
1510
|
},
|
|
1511
1511
|
"webapp-security": {
|
|
1512
1512
|
"path": "skills/webapp-security/skill.md",
|
|
1513
|
-
"bytes":
|
|
1514
|
-
"chars":
|
|
1515
|
-
"lines":
|
|
1516
|
-
"approx_tokens":
|
|
1513
|
+
"bytes": 29073,
|
|
1514
|
+
"chars": 28899,
|
|
1515
|
+
"lines": 287,
|
|
1516
|
+
"approx_tokens": 7225,
|
|
1517
1517
|
"approx_chars_per_token": 4,
|
|
1518
1518
|
"sections": {
|
|
1519
1519
|
"threat-context": {
|
|
@@ -1565,10 +1565,10 @@
|
|
|
1565
1565
|
},
|
|
1566
1566
|
"ai-risk-management": {
|
|
1567
1567
|
"path": "skills/ai-risk-management/skill.md",
|
|
1568
|
-
"bytes":
|
|
1569
|
-
"chars":
|
|
1570
|
-
"lines":
|
|
1571
|
-
"approx_tokens":
|
|
1568
|
+
"bytes": 34702,
|
|
1569
|
+
"chars": 34520,
|
|
1570
|
+
"lines": 318,
|
|
1571
|
+
"approx_tokens": 8630,
|
|
1572
1572
|
"approx_chars_per_token": 4,
|
|
1573
1573
|
"sections": {
|
|
1574
1574
|
"purpose": {
|
|
@@ -1577,9 +1577,9 @@
|
|
|
1577
1577
|
"approx_tokens": 194
|
|
1578
1578
|
},
|
|
1579
1579
|
"threat-context": {
|
|
1580
|
-
"bytes":
|
|
1581
|
-
"chars":
|
|
1582
|
-
"approx_tokens":
|
|
1580
|
+
"bytes": 4363,
|
|
1581
|
+
"chars": 4339,
|
|
1582
|
+
"approx_tokens": 1085
|
|
1583
1583
|
},
|
|
1584
1584
|
"framework-lag-declaration": {
|
|
1585
1585
|
"bytes": 5286,
|
|
@@ -1845,10 +1845,10 @@
|
|
|
1845
1845
|
},
|
|
1846
1846
|
"api-security": {
|
|
1847
1847
|
"path": "skills/api-security/skill.md",
|
|
1848
|
-
"bytes":
|
|
1849
|
-
"chars":
|
|
1850
|
-
"lines":
|
|
1851
|
-
"approx_tokens":
|
|
1848
|
+
"bytes": 35524,
|
|
1849
|
+
"chars": 35289,
|
|
1850
|
+
"lines": 295,
|
|
1851
|
+
"approx_tokens": 8822,
|
|
1852
1852
|
"approx_chars_per_token": 4,
|
|
1853
1853
|
"sections": {
|
|
1854
1854
|
"threat-context": {
|
|
@@ -1955,10 +1955,10 @@
|
|
|
1955
1955
|
},
|
|
1956
1956
|
"container-runtime-security": {
|
|
1957
1957
|
"path": "skills/container-runtime-security/skill.md",
|
|
1958
|
-
"bytes":
|
|
1959
|
-
"chars":
|
|
1960
|
-
"lines":
|
|
1961
|
-
"approx_tokens":
|
|
1958
|
+
"bytes": 49104,
|
|
1959
|
+
"chars": 48944,
|
|
1960
|
+
"lines": 385,
|
|
1961
|
+
"approx_tokens": 12236,
|
|
1962
1962
|
"approx_chars_per_token": 4,
|
|
1963
1963
|
"sections": {
|
|
1964
1964
|
"threat-context": {
|