@blamejs/exceptd-skills 0.12.32 → 0.12.34

package/ARCHITECTURE.md

@@ -36,7 +36,7 @@ data_deps:
   - cve-catalog.json          # files in data/ this skill reads
   - atlas-ttps.json
 atlas_refs:
-  - AML.T0043                 # MITRE ATLAS v5.1.0 TTP IDs
+  - AML.T0043                 # MITRE ATLAS v5.4.0 TTP IDs
   - AML.T0054
 attack_refs:
   - T1068                     # MITRE ATT&CK TTP IDs
@@ -121,7 +121,7 @@ Schema per entry:
   "AML.T0043": {
     "name": "Craft Adversarial Data",
     "tactic": "ML Attack Staging",
-    "atlas_version": "5.1.0",
+    "atlas_version": "5.4.0",
     "description": "...",
     "framework_coverage": {
       "NIST-800-53": {"covered": false, "nearest_control": null, "gap_description": "..."},
@@ -179,7 +179,7 @@ Tracks PoC status, weaponization stage, and AI-assist factor per CVE. Updated wh
 
 ### `data/d3fend-catalog.json`
 
-28 MITRE D3FEND defensive technique entries pinned to **D3FEND v1.0.0**. Each entry records the defensive technique ID (e.g., `D3-EAL` Executable Allowlisting), the tactic / artifact it defends, the offensive ATLAS / ATT&CK TTPs it counters, defense-in-depth layer position, least-privilege scope assumptions, zero-trust posture compatibility, and AI-pipeline applicability per Hard Rule #9. Skills cite D3FEND IDs in `d3fend_refs` to map offensive findings to a defensive countermeasure rather than to abstract control language. The `defensive-countermeasure-mapping` skill is the canonical consumer; any skill shipped on or after 2026-05-11 includes a Defensive Countermeasure Mapping section referencing this catalog.
+29 MITRE D3FEND defensive technique entries pinned to **D3FEND v1.0.0**. Each entry records the defensive technique ID (e.g., `D3-EAL` Executable Allowlisting), the tactic / artifact it defends, the offensive ATLAS / ATT&CK TTPs it counters, defense-in-depth layer position, least-privilege scope assumptions, zero-trust posture compatibility, and AI-pipeline applicability per Hard Rule #9. Skills cite D3FEND IDs in `d3fend_refs` to map offensive findings to a defensive countermeasure rather than to abstract control language. The `defensive-countermeasure-mapping` skill is the canonical consumer; any skill shipped on or after 2026-05-11 includes a Defensive Countermeasure Mapping section referencing this catalog.
 
 `_meta.d3fend_version` pins the version; D3FEND ontology additions are tracked in skill `forward_watch` fields.
 
@@ -201,7 +201,7 @@ RWEP (Real-World Exploit Priority) scoring engine.
 
 - `score(cveId)` — Return RWEP score for a CVE in the catalog
 - `scoreCustom(factors)` — Score a custom factor set (for CVEs not yet in catalog)
-- `validate()` — Schema validation: check all skill data_deps resolve, all CVE entries are complete, all ATLAS refs are valid v5.1.0 IDs
+- `validate()` — Schema validation: check all skill data_deps resolve, all CVE entries are complete, all ATLAS refs are valid v5.4.0 IDs
 - `compare(cveId)` — Return CVSS vs. RWEP comparison with explanation of the delta
 
 RWEP factor weights:

package/CHANGELOG.md

@@ -1,5 +1,56 @@
 # Changelog
 
+## 0.12.34 — 2026-05-15
+
+Documentation accuracy pass. README.md + ARCHITECTURE.md were still pinning ATLAS v5.1.0 and ATT&CK v17 — outdated for nine releases. v0.12.29 fixed the manifest.json pin (cycle 9 Hard Rule #8 audit) but the operator-facing docs weren't updated. Plus catalog count drift (38 skills → 42; 28 D3FEND entries → 29).
+
+### Bugs
+
+**README ATLAS pin lie.** Five sites in `README.md` referenced ATLAS v5.1.0 + "(November 2025)" while the actual catalog pin is v5.4.0 (2026-02-06). Operators reading the README to understand which ATLAS version this catalog tracks saw a stale 6-month-old answer. Corrected: badge URL, narrative paragraphs, framework-lag table footer, `atlas-ttps.json` description.
+
+**ARCHITECTURE.md ATLAS + D3FEND pin lies.** Three sites referenced ATLAS v5.1.0 (matched the manifest pre-cycle-9, stale post-fix). One site stated "28 D3FEND defensive technique entries" — was correct until v0.12.33 added D3-EFA bringing the count to 29.
+
+**README skill count stale.** Said "38 skills" — actual was 42 since v0.12.28's IR-cluster (idp-incident-response, cloud-iam-incident, ransomware-response added 3 skills) plus sector-telecom added v0.12.26.
+
+### Features
+
+**`tests/docs-catalog-counts-pinned.test.js`** — new contract test asserts that README.md and ARCHITECTURE.md text matches the live catalog state for: ATLAS version (`data/atlas-ttps.json._meta.atlas_version`), ATT&CK version (`data/attack-techniques.json._meta.attack_version`), skill count (`manifest.json.skills.length`), D3FEND entry count, CVE catalog count, framework-gap entry count. Any future PR that bumps a catalog without updating the operator-facing docs fails the gate at CI time — eliminates the silent-drift class that v0.12.34 cleaned up.
+
+### Internal
+
+- Cycle 14 audit dispatched 3 read-only agents (playbook execution semantics, air-gap end-to-end, docs accuracy). Two were rate-limited and returned no findings; the docs-accuracy work was completed on the main thread.
+- Cycle 14 main-thread playbook-execution sanity check confirmed: kernel playbook correctly classifies as `detected` with 4 matched CVEs + RWEP 100 when signal_overrides shape is correct (`{indicator_id: 'hit'}`, NOT `{indicator_id: {verdict: 'hit'}}`). The runner is sound; the operator API surface is occasionally subtle.
+- Cycle 14 main-thread air-gap verification confirmed: `--air-gap` flag and `EXCEPTD_AIR_GAP=1` env-var both thread into `runOpts.airGap`; `lib/playbook-runner.js:576` correctly substitutes `air_gap_alternative` for `source` on look artifacts; original source preserved as `_original_source` for audit.
+
+
+
+Same-day CVE intake (node-ipc supply-chain compromise) + cycle 13 audit fixes. Closes the long-standing `cred-stores` skill-vs-playbook semantic confusion that's surfaced in every audit since cycle 9.
+
+### Features
+
+**`MAL-2026-NODE-IPC-STEALER` — npm node-ipc supply-chain compromise (2026-05-14).** Three malicious versions (`9.1.6`, `9.2.3`, `12.0.1`) published by `atiertant`. Novel attack class: not credential theft, not typosquat, not lifecycle-hook worm — the attacker re-registered the maintainer's expired email domain (`atlantis-software.net`, expired and grabbed via Namecheap PrivateEmail on 2026-05-07) and abused npm's email-based password-reset flow to gain publish rights. 80 KB obfuscated IIFE in `node-ipc.cjs` fires on every `require()` (no hooks needed) and exfiltrates AWS / GCP / Azure / SSH / Kubernetes / Vault / Claude AI / Kiro IDE credentials via DNS TXT queries to an Azure-lookalike spoofed domain. 3.35M monthly downloads. Carries `kev_scope_note` per the cycle 11 ecosystem-package CISA-KEV-scope precedent. RWEP 43.
+
+**Three new control requirements in `zeroday-lessons`** capture the structural lesson: **NEW-CTRL-047 PACKAGE-MAINTAINER-DOMAIN-EXPIRY-MONITORING** (continuous WHOIS expiry monitoring on every critical-path maintainer email domain + dual-factor account recovery); **NEW-CTRL-048 NPM-MAINTAINER-MFA-ENFORCEMENT** (registry-side mandatory MFA on publish-enabled accounts); **NEW-CTRL-049 LOCKFILE-INTEGRITY-VERIFIED-AT-CI-BOOT** (`npm ci` / `--frozen-lockfile` / `--immutable` catches the swap even after a successful publish — `--ignore-scripts` does NOT mitigate because the payload ships in the main module, not a postinstall hook).
+
+**`D3-EFA` (Executable File Analysis) added to D3FEND catalog.** `sector-telecom` skill cited it but the entry didn't exist — cycle 13 finding. Distinct from `D3-EAL` (Executable Allowlisting): EAL blocks at execute-time; EFA inspects bytes at file-write / image-pull / artifact-fetch time and gates the allowlist decision itself.
+
+**CLI envelope-shape contract tests.** `tests/cli-output-envelope-shape.test.js` pins the EXACT top-level key set on `attest list --json`, `attest verify --json` (error path), and `version`. A contributor adding a new top-level field to these verbs now gets a forcing-function test failure that requires updating the contract. Expanded coverage to `run` / `ci` / `discover` / `brief` / `doctor` / `watchlist` deferred to future cycles as their shapes stabilize.
+
+### Bugs
+
+**`cred-stores` skill-vs-playbook semantic finally cleaned up.** Cycles 9, 12, and 13 all flagged that the 3 IR playbooks and 3 IR skills referenced `cred-stores` in `skill_preload` / `skill_chain` / Hand-Off sections as if it were a skill — but it's actually a playbook. Operators (and any tooling resolving these refs against `manifest.json.skills`) failed. Fixes: removed `cred-stores` from `data/playbooks/{idp-incident,cloud-iam-incident}.json` `skill_preload` + `skill_chain` (hand-off is via `_meta.feeds_into`, which was already present); annotated `cred-stores` / `framework` references in `skills/{idp-incident-response,cloud-iam-incident,ransomware-response}/skill.md` Hand-Off sections as *(playbook chain, not a skill)* with the explicit note that hand-off is via the playbook chain, not a skill load. Predeploy playbook validator now warning-free (was 6 warnings every release).
+
+### Internal
+
+- CVE catalog 36 → 37 entries; zeroday-lessons 21 → 22 entries.
+- AI-discovery rate stays at 16.2% (one more vendor/ecosystem-discovered entry dilutes the observed rate; floor remains 0.15).
+- D3FEND catalog 28 → 29 entries.
+- `tests/v0_12_33-node-ipc-coverage.test.js` pins MAL-2026-NODE-IPC-STEALER entry shape (iocs object with ≥1 category, kev_scope_note presence, NEW-CTRL-047 in lessons).
+- Reverse-ref regen: 3 CWE entries updated with the new MAL-* CVE evidence; 1 D3FEND skill_referencing prune (sector-telecom now correctly anchored against D3-EFA).
+- Test count 1109 → 1119.
+- 14/14 predeploy gates green.
+
+
 ## 0.12.32 — 2026-05-15
 
 Cycle 11 CLI polish + cycle 12 catalog hardening. The headline closes a silent regression where the 6 CVEs advertised by v0.12.31 were shipped as `_draft: true` and therefore invisible to default `cross-ref-api` queries — operators running `exceptd` against Exchange would have gotten a clean bill on CVE-2026-42897.

package/README.md

@@ -14,9 +14,9 @@
 [![CI](https://img.shields.io/github/actions/workflow/status/blamejs/exceptd-skills/ci.yml?branch=main&label=CI)](https://github.com/blamejs/exceptd-skills/actions/workflows/ci.yml)
 [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/blamejs/exceptd-skills/badge)](https://scorecard.dev/viewer/?uri=github.com/blamejs/exceptd-skills)
 [![License: Apache 2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0)
-[![Skills](https://img.shields.io/badge/skills-38-d946ef)](#skill-inventory)
-[![ATLAS](https://img.shields.io/badge/MITRE%20ATLAS-v5.1.0-d946ef)](https://atlas.mitre.org)
-[![ATT&CK](https://img.shields.io/badge/MITRE%20ATT%26CK-v17-d946ef)](https://attack.mitre.org)
+[![Skills](https://img.shields.io/badge/skills-42-d946ef)](#skill-inventory)
+[![ATLAS](https://img.shields.io/badge/MITRE%20ATLAS-v5.4.0-d946ef)](https://atlas.mitre.org)
+[![ATT&CK](https://img.shields.io/badge/MITRE%20ATT%26CK-v19.0-d946ef)](https://attack.mitre.org)
 [![Ed25519-signed](https://img.shields.io/badge/skills-Ed25519--signed-2ea043)](AGENTS.md)
 [![Jurisdictions](https://img.shields.io/badge/jurisdictions-35-blue)](data/global-frameworks.json)
 
@@ -30,7 +30,7 @@ This platform surfaces what is actually happening right now. Every skill explici
 
 ## Status
 
-Pre-1.0. Latest release lives on [GitHub Releases](https://github.com/blamejs/exceptd-skills/releases) and on npm as [`@blamejs/exceptd-skills`](https://www.npmjs.com/package/@blamejs/exceptd-skills) (signed npm provenance attestation). 38 skills across kernel LPE, AI attack surface, MCP trust, RAG security, AI-API C2 detection, PQC migration, framework gap analysis, compliance theater, exploit scoring, threat-model currency, zero-day learning, global GRC, policy exception generation, security maturity tiers, skill update loop, attack-surface pen testing, fuzz testing, DLP gap analysis, supply-chain integrity, defensive-countermeasure mapping, identity assurance, OT/ICS security, coordinated vulnerability disclosure, threat-modeling methodology, child-safety age gates, plus sector packs (federal, financial, healthcare, energy) — and a `researcher` triage dispatcher. 10 data catalogs cover CVE / ATLAS / ATT&CK / CWE / D3FEND / DLP / RFC / framework gaps / global frameworks / zero-day lessons. 35 jurisdictions tracked. AI-consumer ergonomics: `data/_indexes/` ships 17 pre-computed indexes (xref / chains / dispatch / DiD ladders / theater fingerprints / recipes / token budget / currency / activity feed) regenerated by `npm run build-indexes`. External-data refresh is automated nightly via `.github/workflows/refresh.yml` — KEV/EPSS/NVD/RFC drift opens an auto-PR with deltas pre-applied; KEV adds new CVEs and IETF discovery auto-imports new RFCs across 48 project-relevant working groups (`_auto_imported` annotation flags entries for human curation); ATLAS/ATT&CK/CWE/D3FEND version bumps open an issue (audit required per AGENTS.md Hard Rule #12). `exceptd doctor --signatures` prints dual SHA-256 + SHA3-512 public-key fingerprints for out-of-band key pinning. `exceptd discover` probes 22 PQC algorithms across the full NIST + IETF emerging landscape. `exceptd framework-gap <framework> <scenario>` provides a non-AI programmatic runner for the framework-gap skill.
+Pre-1.0. Latest release lives on [GitHub Releases](https://github.com/blamejs/exceptd-skills/releases) and on npm as [`@blamejs/exceptd-skills`](https://www.npmjs.com/package/@blamejs/exceptd-skills) (signed npm provenance attestation). 42 skills across kernel LPE, AI attack surface, MCP trust, RAG security, AI-API C2 detection, PQC migration, framework gap analysis, compliance theater, exploit scoring, threat-model currency, zero-day learning, global GRC, policy exception generation, security maturity tiers, skill update loop, attack-surface pen testing, fuzz testing, DLP gap analysis, supply-chain integrity, defensive-countermeasure mapping, identity assurance, OT/ICS security, coordinated vulnerability disclosure, threat-modeling methodology, child-safety age gates, plus sector packs (federal, financial, healthcare, energy) — and a `researcher` triage dispatcher. 10 data catalogs cover CVE / ATLAS / ATT&CK / CWE / D3FEND / DLP / RFC / framework gaps / global frameworks / zero-day lessons. 35 jurisdictions tracked. AI-consumer ergonomics: `data/_indexes/` ships 17 pre-computed indexes (xref / chains / dispatch / DiD ladders / theater fingerprints / recipes / token budget / currency / activity feed) regenerated by `npm run build-indexes`. External-data refresh is automated nightly via `.github/workflows/refresh.yml` — KEV/EPSS/NVD/RFC drift opens an auto-PR with deltas pre-applied; KEV adds new CVEs and IETF discovery auto-imports new RFCs across 48 project-relevant working groups (`_auto_imported` annotation flags entries for human curation); ATLAS/ATT&CK/CWE/D3FEND version bumps open an issue (audit required per AGENTS.md Hard Rule #12). `exceptd doctor --signatures` prints dual SHA-256 + SHA3-512 public-key fingerprints for out-of-band key pinning. `exceptd discover` probes 22 PQC algorithms across the full NIST + IETF emerging landscape. `exceptd framework-gap <framework> <scenario>` provides a non-AI programmatic runner for the framework-gap skill.
 
 **v0.10.0 introduced the seven-phase playbook contract** — exceptd ships playbooks under `data/playbooks/*.json` that host AIs (Claude Code, Cursor, Gemini CLI, Codex) execute through seven phases: `govern → direct → look → detect → analyze → validate → close`. exceptd owns govern / direct / analyze / validate / close (knowledge + GRC layer); the host AI owns look / detect (artifact collection + indicator evaluation with its native Bash/Read/Grep/Glob).
 
@@ -55,7 +55,7 @@ Assess Linux kernel local privilege escalation exposure. Covers Copy Fail (CVE-2
 ### AI-Specific Attack Surface
 
 **[ai-attack-surface](skills/ai-attack-surface/skill.md)**
-Comprehensive AI/ML attack surface assessment mapped to MITRE ATLAS v5.1.0 with explicit gap flags. Covers prompt injection as enterprise RCE (CVE-2025-53773 CVSS 7.8, 85%+ bypass rate against SOTA defenses), MCP supply chain RCE (CVE-2026-30615, zero user interaction, 150M+ downloads), RAG exfiltration, model poisoning, AI-assisted exploit development (41% of 2025 zero-days), credential theft acceleration (160% increase).
+Comprehensive AI/ML attack surface assessment mapped to MITRE ATLAS v5.4.0 with explicit gap flags. Covers prompt injection as enterprise RCE (CVE-2025-53773 CVSS 7.8, 85%+ bypass rate against SOTA defenses), MCP supply chain RCE (CVE-2026-30615, zero user interaction, 150M+ downloads), RAG exfiltration, model poisoning, AI-assisted exploit development (41% of 2025 zero-days), credential theft acceleration (160% increase).
 
 **[mcp-agent-trust](skills/mcp-agent-trust/skill.md)**
 Enumerate MCP (Model Context Protocol) trust boundary failures. Covers tool allowlisting gaps, unsigned server manifests, prompt injection via tool responses, supply chain compromise. CVE-2026-30615 (Windsurf, zero-interaction RCE). Generates: tool allowlist policy, server signing requirements, bearer auth config, output sanitization requirements.
@@ -398,7 +398,7 @@ The `agents/` directory ships markdown role cards documenting authoring conventi
 All skills pull from `data/`. Cross-validated against canonical upstream sources via `exceptd refresh` / `exceptd doctor --cves` / `exceptd doctor --rfcs`.
 
 - `cve-catalog.json` — CVE metadata with RWEP scores, CISA KEV status, PoC availability, live-patch info
-- `atlas-ttps.json` — MITRE ATLAS v5.1.0 TTPs with gap flags and exploitation examples
+- `atlas-ttps.json` — MITRE ATLAS v5.4.0 TTPs with gap flags and exploitation examples
 - `framework-control-gaps.json` — Per-framework, per-control: what it was designed for vs. what it misses
 - `exploit-availability.json` — PoC locations, weaponization status, AI-assist factor
 - `global-frameworks.json` — All major global compliance frameworks (35 jurisdictions) with control inventories and lag scores
@@ -414,7 +414,7 @@ All skills pull from `data/`. Cross-validated against canonical upstream sources
 
 **Compliance is not security.** A SOC 2 Type II report confirms that controls existed and operated effectively during the audit period. It says nothing about whether those controls are adequate for current attack patterns. When NIST 800-53 SI-2 says "apply security patches in a timely manner" and Copy Fail is a 732-byte deterministic root with a public PoC and no race condition, "timely" is the wrong frame entirely.
 
-**Framework lag is measured in months.** MITRE ATLAS v5.1.0 (November 2025) is the most current AI threat framework available. It still lags real exploitation by 3-6 months. NIST AI RMF lags by years. ISO 27001:2022 has no AI-specific controls. These skills explicitly flag every place where framework coverage ends and real attacker capability begins.
+**Framework lag is measured in months.** MITRE ATLAS v5.4.0 (February 2026) is the most current AI threat framework available. It still lags real exploitation by 3-6 months. NIST AI RMF lags by years. ISO 27001:2022 has no AI-specific controls. These skills explicitly flag every place where framework coverage ends and real attacker capability begins.
 
 **AI changed the exploit development timeline.** Copy Fail was discovered by an AI system in approximately one hour. 41% of 2025 zero-days involved AI-assisted reverse engineering on the attacker side. The time between vulnerability introduction and reliable exploitation is compressing faster than patch management processes can adapt. Risk scoring must reflect this.
 

package/data/_indexes/_meta.json

@@ -1,21 +1,21 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-16T04:00:50.186Z",
+  "generated_at": "2026-05-16T05:57:55.851Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "4fdf61fee00b774deaec5cc6cc8d2241d9f073b3b9ee58e990565f5fe336e342",
+    "manifest.json": "50090cebd148a129469ac8d38995d93882f16b2c3bad8a0f8bb27c0104bb3377",
     "data/atlas-ttps.json": "259e76e4252c7a56c17bbe96982a5e37ac89131c2d37a547fe38d64dcacfd763",
     "data/attack-techniques.json": "51f60819aef36e960fd768e44dcc725e137781534fbbb028e5ef6baa21defa1d",
-    "data/cve-catalog.json": "f2bb3210f29fecaaedf2fa71ded77b545ad57bfcb36d3e2678b93b6592893b01",
-    "data/cwe-catalog.json": "e843729d4d1b688abadeab51ef261f16161eb25b05b7a44f5bc995f60525e089",
-    "data/d3fend-catalog.json": "35f076cd65d82ac97db90b72e884ec7ab2895c052567ee7d0c579c1965e6baaf",
+    "data/cve-catalog.json": "55aa571423fd254e6581b22a189a1c0eeb76d467b0ef645d1dfa39f74b28c569",
+    "data/cwe-catalog.json": "6e7349a0fac39bdf9c4cb4598e101e51400f67d64c5d653bbca462f28bc1a0cb",
+    "data/d3fend-catalog.json": "a1fc2827ceb344669e148d55197dbf1b0e5b20bcc618e90517639c17d67ee82d",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "a9eeda95d24b56c28a0d0178fc601b531653e2ba7dc857160b35ad23ad6c7471",
     "data/framework-control-gaps.json": "f88c5757553e3626981546ad1772189c6d40f9ddc24f730def949414cbab9cd0",
     "data/global-frameworks.json": "0168825497e03f079274c9da2e5529310a2ba5bd7c7da7c93acd0b66ed845b8a",
     "data/rfc-references.json": "e253a548c8a829d178d5aea601e268724b85c936ccbfa51c2e5d80c5f8efe2b0",
-    "data/zeroday-lessons.json": "d9b9c13b0bb5bc18c933b5e2f41c9422c4a2d1f639e20a0f2979f94a2494f1e3",
+    "data/zeroday-lessons.json": "c927653e6d9d86d1a36c23a3d782b099a49675ccd928cdc204887c79b0cfbbf1",
     "skills/kernel-lpe-triage/skill.md": "8e94bfd38d6db47342fbbe95a0c8df8f7c38743982c13e9de6a1c59cd3783d33",
     "skills/ai-attack-surface/skill.md": "13e543fc92b9b27cdb647dce96a9eeb44919e0fa92ec41e8265a9981a23e7b79",
     "skills/mcp-agent-trust/skill.md": "3cec1dce668deec44cb7330e165e89cee8379dd90833519004d566baf72c038c",
@@ -53,11 +53,11 @@
     "skills/container-runtime-security/skill.md": "f06260f0c468d6a4f0409294899017edab45c98d71db1fedd7a630fe6a7bf53a",
     "skills/mlops-security/skill.md": "e6a296fc67724aa3b026c0039f44867b44cf0926eade4fe616bfd0a4c77310bf",
     "skills/incident-response-playbook/skill.md": "8ef7ce1246dc1329b6df3cc9de8d79d35e2c02c703dcef20f35b312b1c24fd52",
-    "skills/ransomware-response/skill.md": "ffe07ba8c196aabceb69b07dafa7a9c3ca2ec8e5ce079107f4eec82512a01be1",
+    "skills/ransomware-response/skill.md": "603126d81f6c3619f0b2f6d81ea1d6b64f9c8c1296f877ad2e6d802ddab09165",
     "skills/email-security-anti-phishing/skill.md": "b5a7693b3ddbd6cd83303d092bc5e324db431245d25c4945d9f65fcffa1995e7",
     "skills/age-gates-child-safety/skill.md": "c741d7dca9da0abb09bdebb8a02e803ce4ae9fb9a6904fb8df3ec19cae83917d",
-    "skills/cloud-iam-incident/skill.md": "35a9dd108679103c0eca54ea0c5b8f3db0a199975f87e20660b2c3a11440f40b",
-    "skills/idp-incident-response/skill.md": "39b5b492914e9092fe1c0b2be5af83d4ed869939996b6a201f2d0cd8142ab8f3"
+    "skills/cloud-iam-incident/skill.md": "10e2af2cf8292f457cd3877bcee37f6ee30c80037a3ef5b367fba25195c7a791",
+    "skills/idp-incident-response/skill.md": "3d75d7a0fc5b9a3c584ac5c6510f8b6bd63b7b780488541eb193250ae795b4e2"
   },
   "skill_count": 42,
   "catalog_count": 11,
@@ -78,7 +78,7 @@
     "handoff_dag_nodes": 42,
     "summary_cards": 42,
     "section_offsets_skills": 42,
-    "token_budget_total_approx": 397336,
+    "token_budget_total_approx": 397485,
     "recipes": 8,
     "jurisdiction_clocks": 29,
     "did_ladders": 8,
@@ -87,7 +87,7 @@
     "frequency_fields": 7,
     "activity_feed_events": 54,
     "catalog_summaries": 11,
-    "stale_content_findings": 3
+    "stale_content_findings": 2
   },
   "invalidation_note": "If any source file in source_hashes has a different SHA-256 than recorded here, the indexes are stale. Re-run `npm run build-indexes`."
 }

package/data/_indexes/activity-feed.json

@@ -87,7 +87,7 @@
       "artifact": "data/zeroday-lessons.json",
       "path": "data/zeroday-lessons.json",
       "schema_version": "1.1.0",
-      "entry_count": 21
+      "entry_count": 22
     },
     {
       "date": "2026-05-15",
@@ -102,7 +102,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 36
+      "entry_count": 37
     },
     {
       "date": "2026-05-13",
@@ -118,7 +118,7 @@
       "artifact": "data/d3fend-catalog.json",
       "path": "data/d3fend-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 28
+      "entry_count": 29
     },
     {
       "date": "2026-05-11",

package/data/_indexes/catalog-summaries.json

@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 36,
+      "entry_count": 37,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -106,7 +106,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 28,
+      "entry_count": 29,
       "sample_keys": [
         "D3-EAL",
         "D3-EHB",
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 21,
+      "entry_count": 22,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",

package/data/_indexes/chains.json

@@ -3041,6 +3041,22 @@
       ]
     }
   },
+  "MAL-2026-NODE-IPC-STEALER": {
+    "name": "node-ipc credential-stealer (expired-domain account-recovery compromise)",
+    "rwep": 43,
+    "cvss": 9.8,
+    "cisa_kev": false,
+    "epss_score": null,
+    "referencing_skills": [],
+    "chain": {
+      "cwes": [],
+      "atlas": [],
+      "d3fend": [],
+      "framework_gaps": [],
+      "attack_refs": [],
+      "rfc_refs": []
+    }
+  },
   "CWE-20": {
     "name": "Improper Input Validation",
     "category": "Validation",

package/data/_indexes/frequency.json

@@ -2508,6 +2508,7 @@
     "d3fend_refs": [
       "D3-ANCI",
       "D3-CH",
+      "D3-EFA",
       "D3-EI",
       "D3-FCR",
       "D3-KBPI",

package/data/_indexes/section-offsets.json

@@ -3731,7 +3731,7 @@
     },
     "ransomware-response": {
       "path": "skills/ransomware-response/skill.md",
-      "total_bytes": 48211,
+      "total_bytes": 48543,
       "total_lines": 375,
       "frontmatter": {
         "line_start": 1,
@@ -3817,8 +3817,8 @@
           "normalized_name": "hand-off",
           "line": 360,
           "byte_start": 44725,
-          "byte_end": 48211,
-          "bytes": 3486,
+          "byte_end": 48543,
+          "bytes": 3818,
           "h3_count": 0
         }
       ]
@@ -4013,7 +4013,7 @@
     },
     "cloud-iam-incident": {
       "path": "skills/cloud-iam-incident/skill.md",
-      "total_bytes": 44433,
+      "total_bytes": 44569,
       "total_lines": 420,
       "frontmatter": {
         "line_start": 1,
@@ -4099,15 +4099,15 @@
           "normalized_name": "hand-off",
           "line": 400,
           "byte_start": 41396,
-          "byte_end": 44433,
-          "bytes": 3037,
+          "byte_end": 44569,
+          "bytes": 3173,
           "h3_count": 0
         }
       ]
     },
     "idp-incident-response": {
       "path": "skills/idp-incident-response/skill.md",
-      "total_bytes": 46225,
+      "total_bytes": 46352,
       "total_lines": 353,
       "frontmatter": {
         "line_start": 1,
@@ -4193,8 +4193,8 @@
           "normalized_name": "hand-off",
           "line": 335,
           "byte_start": 42384,
-          "byte_end": 46225,
-          "bytes": 3841,
+          "byte_end": 46352,
+          "bytes": 3968,
           "h3_count": 0
         }
       ]

package/data/_indexes/stale-content.json

@@ -3,20 +3,14 @@
     "schema_version": "1.0.0",
     "reference_date": "2026-05-15",
     "note": "Stale-content snapshot derived from audit-cross-skill checks. Re-runs of build-indexes against the same inputs produce byte-identical output (reference_date is manifest.threat_review_date, not 'now'). audit-cross-skill.js remains the canonical interactive audit.",
-    "finding_count": 3,
+    "finding_count": 2,
     "by_severity": {
       "high": 0,
-      "medium": 3,
+      "medium": 2,
       "low": 0
     }
   },
   "findings": [
-    {
-      "severity": "medium",
-      "category": "badge_drift",
-      "artifact": "README.md",
-      "detail": "skills badge shows 38, manifest has 42"
-    },
     {
       "severity": "medium",
       "category": "badge_drift",

package/data/_indexes/token-budget.json

@@ -3,8 +3,8 @@
     "schema_version": "1.0.0",
     "tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
     "approx_chars_per_token": 4,
-    "total_chars": 1589324,
-    "total_approx_tokens": 397336,
+    "total_chars": 1589917,
+    "total_approx_tokens": 397485,
     "skill_count": 42
   },
   "skills": {
@@ -2175,10 +2175,10 @@
     },
     "ransomware-response": {
       "path": "skills/ransomware-response/skill.md",
-      "bytes": 48211,
-      "chars": 48033,
+      "bytes": 48543,
+      "chars": 48363,
       "lines": 375,
-      "approx_tokens": 12008,
+      "approx_tokens": 12091,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -2222,9 +2222,9 @@
           "approx_tokens": 945
         },
         "hand-off": {
-          "bytes": 3486,
-          "chars": 3460,
-          "approx_tokens": 865
+          "bytes": 3818,
+          "chars": 3790,
+          "approx_tokens": 948
         }
       }
     },
@@ -2340,10 +2340,10 @@
     },
     "cloud-iam-incident": {
       "path": "skills/cloud-iam-incident/skill.md",
-      "bytes": 44433,
-      "chars": 44275,
+      "bytes": 44569,
+      "chars": 44411,
       "lines": 420,
-      "approx_tokens": 11069,
+      "approx_tokens": 11103,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -2387,18 +2387,18 @@
           "approx_tokens": 1017
         },
         "hand-off": {
-          "bytes": 3037,
-          "chars": 3009,
-          "approx_tokens": 752
+          "bytes": 3173,
+          "chars": 3145,
+          "approx_tokens": 786
         }
       }
     },
     "idp-incident-response": {
       "path": "skills/idp-incident-response/skill.md",
-      "bytes": 46225,
-      "chars": 46095,
+      "bytes": 46352,
+      "chars": 46222,
       "lines": 353,
-      "approx_tokens": 11524,
+      "approx_tokens": 11556,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -2442,9 +2442,9 @@
           "approx_tokens": 1130
         },
         "hand-off": {
-          "bytes": 3841,
-          "chars": 3817,
-          "approx_tokens": 954
+          "bytes": 3968,
+          "chars": 3944,
+          "approx_tokens": 986
         }
       }
     }