@blamejs/exceptd-skills 0.12.32 → 0.12.34
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/ARCHITECTURE.md +4 -4
- package/CHANGELOG.md +51 -0
- package/README.md +7 -7
- package/data/_indexes/_meta.json +11 -11
- package/data/_indexes/activity-feed.json +3 -3
- package/data/_indexes/catalog-summaries.json +3 -3
- package/data/_indexes/chains.json +16 -0
- package/data/_indexes/frequency.json +1 -0
- package/data/_indexes/section-offsets.json +9 -9
- package/data/_indexes/stale-content.json +2 -8
- package/data/_indexes/token-budget.json +20 -20
- package/data/cve-catalog.json +129 -1
- package/data/cwe-catalog.json +8 -3
- package/data/d3fend-catalog.json +46 -0
- package/data/playbooks/cloud-iam-incident.json +0 -6
- package/data/playbooks/idp-incident.json +1 -7
- package/data/zeroday-lessons.json +108 -0
- package/manifest-snapshot.json +1 -1
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +47 -47
- package/package.json +1 -1
- package/sbom.cdx.json +23 -23
- package/skills/cloud-iam-incident/skill.md +1 -1
- package/skills/idp-incident-response/skill.md +1 -1
- package/skills/ransomware-response/skill.md +2 -2
package/manifest.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "exceptd-security",
|
|
3
|
-
"version": "0.12.
|
|
3
|
+
"version": "0.12.34",
|
|
4
4
|
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
|
|
5
5
|
"homepage": "https://exceptd.com",
|
|
6
6
|
"license": "Apache-2.0",
|
|
@@ -53,7 +53,7 @@
|
|
|
53
53
|
],
|
|
54
54
|
"last_threat_review": "2026-05-01",
|
|
55
55
|
"signature": "N6H4u/u1fCFE6f/3QVkAr2cumZvLNE+xYBC91CCxKoeaSKm5zqbwzb2mvFDk9XKUegUy5W6npLFGi75yxNMIAg==",
|
|
56
|
-
"signed_at": "2026-05-
|
|
56
|
+
"signed_at": "2026-05-16T05:54:50.694Z",
|
|
57
57
|
"cwe_refs": [
|
|
58
58
|
"CWE-125",
|
|
59
59
|
"CWE-362",
|
|
@@ -117,7 +117,7 @@
|
|
|
117
117
|
],
|
|
118
118
|
"last_threat_review": "2026-05-01",
|
|
119
119
|
"signature": "Xen6ojQGzT4AZUN/WtuQon+gT2UrJyX50nrZwEdxLw5aiz8gDaeMkWo/Bic+h4NFEF7MRd7uDTm0dvKgWnlRBA==",
|
|
120
|
-
"signed_at": "2026-05-
|
|
120
|
+
"signed_at": "2026-05-16T05:54:50.699Z",
|
|
121
121
|
"cwe_refs": [
|
|
122
122
|
"CWE-1039",
|
|
123
123
|
"CWE-1426",
|
|
@@ -180,7 +180,7 @@
|
|
|
180
180
|
],
|
|
181
181
|
"last_threat_review": "2026-05-01",
|
|
182
182
|
"signature": "IDhdamTvyWfnz7SvIMrVMz2cwLuiP2/Iw2iYHFNbI1O302XnrGyIVsJcoKZa5QFClBYPiABVt+yI5HEuLxMCBw==",
|
|
183
|
-
"signed_at": "2026-05-
|
|
183
|
+
"signed_at": "2026-05-16T05:54:50.700Z",
|
|
184
184
|
"cwe_refs": [
|
|
185
185
|
"CWE-22",
|
|
186
186
|
"CWE-345",
|
|
@@ -226,7 +226,7 @@
|
|
|
226
226
|
"framework_gaps": [],
|
|
227
227
|
"last_threat_review": "2026-05-01",
|
|
228
228
|
"signature": "cPRRTsNQT1MYR3cE5O3KdC4MB037EMc0fsMIbOyfOv16sR+DkiXmAhQOjlIC47HngHz3vhLI+rbqItN91VWpBg==",
|
|
229
|
-
"signed_at": "2026-05-
|
|
229
|
+
"signed_at": "2026-05-16T05:54:50.700Z"
|
|
230
230
|
},
|
|
231
231
|
{
|
|
232
232
|
"name": "compliance-theater",
|
|
@@ -257,7 +257,7 @@
|
|
|
257
257
|
],
|
|
258
258
|
"last_threat_review": "2026-05-01",
|
|
259
259
|
"signature": "79NrFMRsqGsipWeE5ETQSVICGO4BjTJYgyir+PSaNVFpkLqLcwZd8Dr1V7iwX0H0fXFL3WpPz35gtrYCEG32BQ==",
|
|
260
|
-
"signed_at": "2026-05-
|
|
260
|
+
"signed_at": "2026-05-16T05:54:50.701Z"
|
|
261
261
|
},
|
|
262
262
|
{
|
|
263
263
|
"name": "exploit-scoring",
|
|
@@ -286,7 +286,7 @@
|
|
|
286
286
|
],
|
|
287
287
|
"last_threat_review": "2026-05-01",
|
|
288
288
|
"signature": "O7YIzAOQtSCFD0pyUdF0otYy9xwksrRGCLnSw5aMMGOs0SYeYA1JsMX5XLxNOQJC8tURC21HgQc/yx22jLtvAw==",
|
|
289
|
-
"signed_at": "2026-05-
|
|
289
|
+
"signed_at": "2026-05-16T05:54:50.701Z"
|
|
290
290
|
},
|
|
291
291
|
{
|
|
292
292
|
"name": "rag-pipeline-security",
|
|
@@ -323,7 +323,7 @@
|
|
|
323
323
|
],
|
|
324
324
|
"last_threat_review": "2026-05-01",
|
|
325
325
|
"signature": "ai6ebp9pz7dBigm2rQvQ0SklhDZtHqP3exKtolbEBiN0shQScypJfDBaQN2J3aoOC4dZjjTgIZvGfWLmBxrxBA==",
|
|
326
|
-
"signed_at": "2026-05-
|
|
326
|
+
"signed_at": "2026-05-16T05:54:50.702Z",
|
|
327
327
|
"cwe_refs": [
|
|
328
328
|
"CWE-1395",
|
|
329
329
|
"CWE-1426"
|
|
@@ -380,7 +380,7 @@
|
|
|
380
380
|
],
|
|
381
381
|
"last_threat_review": "2026-05-01",
|
|
382
382
|
"signature": "BkDjyCF53MAATVfzERmIhEhi474eWloxD0qyw9Gvw+VFE8aH3pOi+yeCpc0kq0vHAVmAEszwxBKEcuLkJbmSBg==",
|
|
383
|
-
"signed_at": "2026-05-
|
|
383
|
+
"signed_at": "2026-05-16T05:54:50.702Z",
|
|
384
384
|
"d3fend_refs": [
|
|
385
385
|
"D3-CA",
|
|
386
386
|
"D3-CSPP",
|
|
@@ -415,7 +415,7 @@
|
|
|
415
415
|
"framework_gaps": [],
|
|
416
416
|
"last_threat_review": "2026-05-01",
|
|
417
417
|
"signature": "DxfXhSyoAGUo1emHh0uIIcg324ZreBYxmFdBDVAKOOuPmMlfN4RqNc/JGDSfVmMv5CjgYCUcSmkcYB0A5lk0Cg==",
|
|
418
|
-
"signed_at": "2026-05-
|
|
418
|
+
"signed_at": "2026-05-16T05:54:50.703Z",
|
|
419
419
|
"cwe_refs": [
|
|
420
420
|
"CWE-1188"
|
|
421
421
|
]
|
|
@@ -443,7 +443,7 @@
|
|
|
443
443
|
"framework_gaps": [],
|
|
444
444
|
"last_threat_review": "2026-05-01",
|
|
445
445
|
"signature": "rFQ82v+1oAHWixWcGwokKhjZHfXUf6N7EfSgldhQ5Jrbiy3kv5CIbnOCsI6zPWyErSnpKVeBFTabJXnzLrzDCQ==",
|
|
446
|
-
"signed_at": "2026-05-
|
|
446
|
+
"signed_at": "2026-05-16T05:54:50.704Z"
|
|
447
447
|
},
|
|
448
448
|
{
|
|
449
449
|
"name": "global-grc",
|
|
@@ -475,7 +475,7 @@
|
|
|
475
475
|
"framework_gaps": [],
|
|
476
476
|
"last_threat_review": "2026-05-01",
|
|
477
477
|
"signature": "7yVjZkanFMKDQqXdX4B/7oLc2Rz72xHC1zscYd8F/+e5UAbR7ikK8Bn5EKZt3aBEOhHPAviSQNCMxpZD9U00CA==",
|
|
478
|
-
"signed_at": "2026-05-
|
|
478
|
+
"signed_at": "2026-05-16T05:54:50.705Z"
|
|
479
479
|
},
|
|
480
480
|
{
|
|
481
481
|
"name": "zeroday-gap-learn",
|
|
@@ -502,7 +502,7 @@
|
|
|
502
502
|
"framework_gaps": [],
|
|
503
503
|
"last_threat_review": "2026-05-01",
|
|
504
504
|
"signature": "VlPR7yY39hEwDJYYKPgHAOeax9LU0X7eIrR8L7zMFJWS0SdKTalOXXJtD9GppByftnkYAAdryZ8tHQ/KWLtaBQ==",
|
|
505
|
-
"signed_at": "2026-05-
|
|
505
|
+
"signed_at": "2026-05-16T05:54:50.705Z"
|
|
506
506
|
},
|
|
507
507
|
{
|
|
508
508
|
"name": "pqc-first",
|
|
@@ -554,7 +554,7 @@
|
|
|
554
554
|
],
|
|
555
555
|
"last_threat_review": "2026-05-01",
|
|
556
556
|
"signature": "V+qn5FqUlETfsEjvvi6jZGuQdqLFtFejfgPA6KSYxSlBXBTbOBXP3BGk5S+ba9akIzgbKh1j9VGB1MqsIt56DA==",
|
|
557
|
-
"signed_at": "2026-05-
|
|
557
|
+
"signed_at": "2026-05-16T05:54:50.706Z",
|
|
558
558
|
"cwe_refs": [
|
|
559
559
|
"CWE-327"
|
|
560
560
|
],
|
|
@@ -601,7 +601,7 @@
|
|
|
601
601
|
],
|
|
602
602
|
"last_threat_review": "2026-05-01",
|
|
603
603
|
"signature": "WCNz19186cER1eEhCophTIbnL3ltS3FC98I1rfv463aRnuVxPB3sUlD9xHTbxTM2rUABhqKijhdkWiMh2uKxCQ==",
|
|
604
|
-
"signed_at": "2026-05-
|
|
604
|
+
"signed_at": "2026-05-16T05:54:50.706Z"
|
|
605
605
|
},
|
|
606
606
|
{
|
|
607
607
|
"name": "security-maturity-tiers",
|
|
@@ -638,7 +638,7 @@
|
|
|
638
638
|
],
|
|
639
639
|
"last_threat_review": "2026-05-01",
|
|
640
640
|
"signature": "zjq6ACAHD46xvhvQJKlrCPh5xDCuBuIWBI+QJB8RxcudpC7p7I1pqv+BY8DZdsAgU4tquCU8KC+xlduMIk3/DQ==",
|
|
641
|
-
"signed_at": "2026-05-
|
|
641
|
+
"signed_at": "2026-05-16T05:54:50.707Z",
|
|
642
642
|
"cwe_refs": [
|
|
643
643
|
"CWE-1188"
|
|
644
644
|
]
|
|
@@ -673,7 +673,7 @@
|
|
|
673
673
|
"framework_gaps": [],
|
|
674
674
|
"last_threat_review": "2026-05-11",
|
|
675
675
|
"signature": "/lGgWehCMQUXjI6w4FUa+5wrbyRnct+txvVcXA+D2/ZEkoJKh+J/psO3j5HPf7Hpv+Y5SmkH71CoO+9qilyVDQ==",
|
|
676
|
-
"signed_at": "2026-05-
|
|
676
|
+
"signed_at": "2026-05-16T05:54:50.707Z"
|
|
677
677
|
},
|
|
678
678
|
{
|
|
679
679
|
"name": "attack-surface-pentest",
|
|
@@ -744,7 +744,7 @@
|
|
|
744
744
|
"PTES revision incorporating AI-surface enumeration"
|
|
745
745
|
],
|
|
746
746
|
"signature": "RqQMwOKK7xjG9e/Ls4986NOrDwKz/nQmpw1DwNJwV2nlOztyo7MgxUG3kTuLbuW3qCrrkO+CbpBA5nGS1cmKBQ==",
|
|
747
|
-
"signed_at": "2026-05-
|
|
747
|
+
"signed_at": "2026-05-16T05:54:50.708Z"
|
|
748
748
|
},
|
|
749
749
|
{
|
|
750
750
|
"name": "fuzz-testing-strategy",
|
|
@@ -804,7 +804,7 @@
|
|
|
804
804
|
"OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
|
|
805
805
|
],
|
|
806
806
|
"signature": "+ELdD+1AY5DymBitH7wU65CS60NY1nDoLowJAFn7cE5Gr/5jy9BTkyxsm7PEXaSlXWMOkTf/HQ+uyzyxUVD/Bw==",
|
|
807
|
-
"signed_at": "2026-05-
|
|
807
|
+
"signed_at": "2026-05-16T05:54:50.708Z"
|
|
808
808
|
},
|
|
809
809
|
{
|
|
810
810
|
"name": "dlp-gap-analysis",
|
|
@@ -879,7 +879,7 @@
|
|
|
879
879
|
"Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
|
|
880
880
|
],
|
|
881
881
|
"signature": "vL5XeQOk7vwX0sLMuKghj6XLnXsqKcGpCUNMui9HwqnWyNQwgSRGu+JFqP7ZqpP3SUYRZHcVlWhXeTJHyOtiAA==",
|
|
882
|
-
"signed_at": "2026-05-
|
|
882
|
+
"signed_at": "2026-05-16T05:54:50.709Z"
|
|
883
883
|
},
|
|
884
884
|
{
|
|
885
885
|
"name": "supply-chain-integrity",
|
|
@@ -956,7 +956,7 @@
|
|
|
956
956
|
"OpenSSF model-signing — emerging Sigstore-based signing standard for ML model weights; track for production adoption"
|
|
957
957
|
],
|
|
958
958
|
"signature": "jp3MxKukV7zW47eX3VcAIMG5WxypMDcfHqwYDodI9YQgTxEojCrRcMSApaoZHTdD3yTQC1JtkXeKxU6K3C5NCg==",
|
|
959
|
-
"signed_at": "2026-05-
|
|
959
|
+
"signed_at": "2026-05-16T05:54:50.710Z"
|
|
960
960
|
},
|
|
961
961
|
{
|
|
962
962
|
"name": "defensive-countermeasure-mapping",
|
|
@@ -1013,7 +1013,7 @@
|
|
|
1013
1013
|
],
|
|
1014
1014
|
"last_threat_review": "2026-05-11",
|
|
1015
1015
|
"signature": "XZigwq8X/csfrdG10O6Q1V5q0zUqSQGd3QrjRKkZ4fkaodG4mZahYuIQqxc8rU9jjtGAm9LtBXYB+I5csqj9Bw==",
|
|
1016
|
-
"signed_at": "2026-05-
|
|
1016
|
+
"signed_at": "2026-05-16T05:54:50.711Z"
|
|
1017
1017
|
},
|
|
1018
1018
|
{
|
|
1019
1019
|
"name": "identity-assurance",
|
|
@@ -1080,7 +1080,7 @@
|
|
|
1080
1080
|
"d3fend_refs": [],
|
|
1081
1081
|
"last_threat_review": "2026-05-11",
|
|
1082
1082
|
"signature": "k0HrsZMBxiPWB1jl4dRwhv/R5IsqbZ+SLDv1Jx3/sRl51JyXjtm8vyogTNhSwsl5/IkaRakqIPJFRFRl5h/9CQ==",
|
|
1083
|
-
"signed_at": "2026-05-
|
|
1083
|
+
"signed_at": "2026-05-16T05:54:50.711Z"
|
|
1084
1084
|
},
|
|
1085
1085
|
{
|
|
1086
1086
|
"name": "ot-ics-security",
|
|
@@ -1136,7 +1136,7 @@
|
|
|
1136
1136
|
"d3fend_refs": [],
|
|
1137
1137
|
"last_threat_review": "2026-05-11",
|
|
1138
1138
|
"signature": "oHxjumOhk8y86WcwhAX8sSWIlPzt60KfTMn4DCJLeRrrQd5+i54fVADKAdZ3vOqfDN+DexO0uX4f5dLPtacRCQ==",
|
|
1139
|
-
"signed_at": "2026-05-
|
|
1139
|
+
"signed_at": "2026-05-16T05:54:50.712Z"
|
|
1140
1140
|
},
|
|
1141
1141
|
{
|
|
1142
1142
|
"name": "coordinated-vuln-disclosure",
|
|
@@ -1188,7 +1188,7 @@
|
|
|
1188
1188
|
"NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
|
|
1189
1189
|
],
|
|
1190
1190
|
"signature": "UCiNjncvhkZItmLQA/Sm1/NCsOiLMwdCjfUw+067v4NIxhaMMaqRrAeD3KgMyEtov7m2Hq2kfwYSt5+DQsYDCQ==",
|
|
1191
|
-
"signed_at": "2026-05-
|
|
1191
|
+
"signed_at": "2026-05-16T05:54:50.713Z"
|
|
1192
1192
|
},
|
|
1193
1193
|
{
|
|
1194
1194
|
"name": "threat-modeling-methodology",
|
|
@@ -1238,7 +1238,7 @@
|
|
|
1238
1238
|
"PASTA v2 updates incorporating AI/ML application threats"
|
|
1239
1239
|
],
|
|
1240
1240
|
"signature": "V9kl8Cf8UMjNFyn3D/fSyhWHLeXWlx3WV/jT9jdF9SrjfDqymimuTt2o91cZ2FOEJndAH9V0JGXB13Ohz8K4CQ==",
|
|
1241
|
-
"signed_at": "2026-05-
|
|
1241
|
+
"signed_at": "2026-05-16T05:54:50.713Z"
|
|
1242
1242
|
},
|
|
1243
1243
|
{
|
|
1244
1244
|
"name": "webapp-security",
|
|
@@ -1312,7 +1312,7 @@
|
|
|
1312
1312
|
"d3fend_refs": [],
|
|
1313
1313
|
"last_threat_review": "2026-05-11",
|
|
1314
1314
|
"signature": "ENSL4MJSNXhriKsTVBjg2jTc7JTtb6mxqbfBw/SVVajPMkLMcLBk4Gem9LhZWZ8DSqyWLnFO2d6hlz5q8bjuCg==",
|
|
1315
|
-
"signed_at": "2026-05-
|
|
1315
|
+
"signed_at": "2026-05-16T05:54:50.714Z"
|
|
1316
1316
|
},
|
|
1317
1317
|
{
|
|
1318
1318
|
"name": "ai-risk-management",
|
|
@@ -1362,7 +1362,7 @@
|
|
|
1362
1362
|
"d3fend_refs": [],
|
|
1363
1363
|
"last_threat_review": "2026-05-11",
|
|
1364
1364
|
"signature": "8E82UwKFNraXV/MKAbiUV6gUryYuN+Ff/kiv1aW4/XtriShdTyt/UgRuQJ8LXGXl0jMH8hRJ/xTAV8LOJqexDA==",
|
|
1365
|
-
"signed_at": "2026-05-
|
|
1365
|
+
"signed_at": "2026-05-16T05:54:50.715Z"
|
|
1366
1366
|
},
|
|
1367
1367
|
{
|
|
1368
1368
|
"name": "sector-healthcare",
|
|
@@ -1422,7 +1422,7 @@
|
|
|
1422
1422
|
"d3fend_refs": [],
|
|
1423
1423
|
"last_threat_review": "2026-05-11",
|
|
1424
1424
|
"signature": "BDuLcpTeFp2BNSf1q4rYOhYKNhlgd3o5RZ0Uw9xW5olyYxPbZSgqekQ+6Ggaec09s7y6sqR37GS0vuAMdbrdDQ==",
|
|
1425
|
-
"signed_at": "2026-05-
|
|
1425
|
+
"signed_at": "2026-05-16T05:54:50.715Z"
|
|
1426
1426
|
},
|
|
1427
1427
|
{
|
|
1428
1428
|
"name": "sector-financial",
|
|
@@ -1503,7 +1503,7 @@
|
|
|
1503
1503
|
"TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
|
|
1504
1504
|
],
|
|
1505
1505
|
"signature": "w12QqGBlRDaDVYug9uQVmEbxR7+gX23rOKZSjlt3XcszYDHBCRiP4cBRKMuEguu44DCaQsg+Btu4vAVMlss9Dg==",
|
|
1506
|
-
"signed_at": "2026-05-
|
|
1506
|
+
"signed_at": "2026-05-16T05:54:50.716Z"
|
|
1507
1507
|
},
|
|
1508
1508
|
{
|
|
1509
1509
|
"name": "sector-federal-government",
|
|
@@ -1572,7 +1572,7 @@
|
|
|
1572
1572
|
"Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
|
|
1573
1573
|
],
|
|
1574
1574
|
"signature": "nMsyJ+rp5fM8/VjC7zsZyDjOC4hpxB+noT1VX7W0HBlq5t3SY56cwOGApwES/kBcCuf4qexKY376OxUr93zvCQ==",
|
|
1575
|
-
"signed_at": "2026-05-
|
|
1575
|
+
"signed_at": "2026-05-16T05:54:50.717Z"
|
|
1576
1576
|
},
|
|
1577
1577
|
{
|
|
1578
1578
|
"name": "sector-energy",
|
|
@@ -1637,7 +1637,7 @@
|
|
|
1637
1637
|
"ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
|
|
1638
1638
|
],
|
|
1639
1639
|
"signature": "L1moEqEGkBkqY/3ohJcfqrlJn40UurDCyb2MOP/IwTAeZD+QbVZ17/drdsydkJ6qSXPiyiE6u8HDfZsDS13NBQ==",
|
|
1640
|
-
"signed_at": "2026-05-
|
|
1640
|
+
"signed_at": "2026-05-16T05:54:50.718Z"
|
|
1641
1641
|
},
|
|
1642
1642
|
{
|
|
1643
1643
|
"name": "sector-telecom",
|
|
@@ -1723,7 +1723,7 @@
|
|
|
1723
1723
|
"O-RAN SFG / WG11 security specifications"
|
|
1724
1724
|
],
|
|
1725
1725
|
"signature": "VKLuoRkFq7lNXqySipwzPSaiHaqemHQ2cReemF/Xy9hUpD9orQaTVZWClOA4lzoF6d2eQ/CeS///Jjnj4g9dCg==",
|
|
1726
|
-
"signed_at": "2026-05-
|
|
1726
|
+
"signed_at": "2026-05-16T05:54:50.718Z"
|
|
1727
1727
|
},
|
|
1728
1728
|
{
|
|
1729
1729
|
"name": "api-security",
|
|
@@ -1792,7 +1792,7 @@
|
|
|
1792
1792
|
"d3fend_refs": [],
|
|
1793
1793
|
"last_threat_review": "2026-05-11",
|
|
1794
1794
|
"signature": "JHGu5OI35payaFR1At3XZIX4HnflgF3lI9vk/XsHpu0loWHtbTiA/SrNzTuWO+be8aIfd36uNz7WnJNwBTCHDA==",
|
|
1795
|
-
"signed_at": "2026-05-
|
|
1795
|
+
"signed_at": "2026-05-16T05:54:50.719Z"
|
|
1796
1796
|
},
|
|
1797
1797
|
{
|
|
1798
1798
|
"name": "cloud-security",
|
|
@@ -1873,7 +1873,7 @@
|
|
|
1873
1873
|
"CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
|
|
1874
1874
|
],
|
|
1875
1875
|
"signature": "UEn0305KAEqIfYOdzadLBdPG/PJ+3sJ/8ubvPFNcXfqXp2uOWTfqGUqY65PApA992VEEa1RBQt5R7Nyhd/OjDQ==",
|
|
1876
|
-
"signed_at": "2026-05-
|
|
1876
|
+
"signed_at": "2026-05-16T05:54:50.719Z"
|
|
1877
1877
|
},
|
|
1878
1878
|
{
|
|
1879
1879
|
"name": "container-runtime-security",
|
|
@@ -1935,7 +1935,7 @@
|
|
|
1935
1935
|
"d3fend_refs": [],
|
|
1936
1936
|
"last_threat_review": "2026-05-11",
|
|
1937
1937
|
"signature": "lPd9tHAskNapjrWwFWhsb8ntAL0xovDCIGElsOCyjcafzby4ArwRw5Lq28sfNloJZAhMN+AWj+lDdFytiUQHCQ==",
|
|
1938
|
-
"signed_at": "2026-05-
|
|
1938
|
+
"signed_at": "2026-05-16T05:54:50.720Z"
|
|
1939
1939
|
},
|
|
1940
1940
|
{
|
|
1941
1941
|
"name": "mlops-security",
|
|
@@ -2006,7 +2006,7 @@
|
|
|
2006
2006
|
"MITRE ATLAS v5.2 — track AML.T0010 sub-technique expansion and any new MLOps-pipeline-specific TTPs"
|
|
2007
2007
|
],
|
|
2008
2008
|
"signature": "U+HyElcP007FIblXUE/nFpj/rZ5z3VohsvxRCWEuuJDLdOnsXYEadb7ccr3X7S4aRG2MC4T2KtVtgbKIuO5QDw==",
|
|
2009
|
-
"signed_at": "2026-05-
|
|
2009
|
+
"signed_at": "2026-05-16T05:54:50.720Z"
|
|
2010
2010
|
},
|
|
2011
2011
|
{
|
|
2012
2012
|
"name": "incident-response-playbook",
|
|
@@ -2068,7 +2068,7 @@
|
|
|
2068
2068
|
"NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
|
|
2069
2069
|
],
|
|
2070
2070
|
"signature": "XB3TVjNRBlqqbIhatFoYtTJHTS51nVt9k7DVrb2roUflLDjbCnaTbrpztA2oqJyyxwgnLlX+K7NW8oYOYEMeCg==",
|
|
2071
|
-
"signed_at": "2026-05-
|
|
2071
|
+
"signed_at": "2026-05-16T05:54:50.721Z"
|
|
2072
2072
|
},
|
|
2073
2073
|
{
|
|
2074
2074
|
"name": "ransomware-response",
|
|
@@ -2147,8 +2147,8 @@
|
|
|
2147
2147
|
"SCOTUS or circuit-court rulings on ransomware payment, sanctions liability, and insurance-policy enforcement"
|
|
2148
2148
|
],
|
|
2149
2149
|
"last_threat_review": "2026-05-15",
|
|
2150
|
-
"signature": "
|
|
2151
|
-
"signed_at": "2026-05-
|
|
2150
|
+
"signature": "ossJwdH0ZQcu2S/Sy1j5s/PqAll/M9yYuF6oxxKl5GrVPueE4Ecxe+X4oIZ41yIG7Z1Ih1cgq8Sw8JwnaktzBA==",
|
|
2151
|
+
"signed_at": "2026-05-16T05:54:50.722Z"
|
|
2152
2152
|
},
|
|
2153
2153
|
{
|
|
2154
2154
|
"name": "email-security-anti-phishing",
|
|
@@ -2201,7 +2201,7 @@
|
|
|
2201
2201
|
"d3fend_refs": [],
|
|
2202
2202
|
"last_threat_review": "2026-05-11",
|
|
2203
2203
|
"signature": "RiCryJEd66T2NNcSo/mZTd3sGWDycE3C37guLJanLdVL5co35DrPFmIl8qy3ZM/y+Wzg5vpny8VKgr1//1/bCA==",
|
|
2204
|
-
"signed_at": "2026-05-
|
|
2204
|
+
"signed_at": "2026-05-16T05:54:50.722Z"
|
|
2205
2205
|
},
|
|
2206
2206
|
{
|
|
2207
2207
|
"name": "age-gates-child-safety",
|
|
@@ -2269,7 +2269,7 @@
|
|
|
2269
2269
|
"US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
|
|
2270
2270
|
],
|
|
2271
2271
|
"signature": "MMWvg3lIf5ygm31zyf1E43t3W9MfRbMBBPrqlj1wOa8AxVJL8LICnAXfmyJ/TNJXwpF+rfZeDdoxXkql8wmtBA==",
|
|
2272
|
-
"signed_at": "2026-05-
|
|
2272
|
+
"signed_at": "2026-05-16T05:54:50.723Z"
|
|
2273
2273
|
},
|
|
2274
2274
|
{
|
|
2275
2275
|
"name": "cloud-iam-incident",
|
|
@@ -2348,8 +2348,8 @@
|
|
|
2348
2348
|
"D3-CAA"
|
|
2349
2349
|
],
|
|
2350
2350
|
"last_threat_review": "2026-05-15",
|
|
2351
|
-
"signature": "
|
|
2352
|
-
"signed_at": "2026-05-
|
|
2351
|
+
"signature": "BST7fWHHxtYrB8L79RqMsQT3NuidigkPVkIZK2Ps43PgF9SMa117ltobk5954vEb1B7kgiWPa3DurLRLdUmGBg==",
|
|
2352
|
+
"signed_at": "2026-05-16T05:54:50.723Z"
|
|
2353
2353
|
},
|
|
2354
2354
|
{
|
|
2355
2355
|
"name": "idp-incident-response",
|
|
@@ -2429,12 +2429,12 @@
|
|
|
2429
2429
|
"D3-IOPR"
|
|
2430
2430
|
],
|
|
2431
2431
|
"last_threat_review": "2026-05-15",
|
|
2432
|
-
"signature": "
|
|
2433
|
-
"signed_at": "2026-05-
|
|
2432
|
+
"signature": "n9d4fdaSHCMieXRDkBz88kITsUFFlngr2gn2IvGFqJLH+xOEDp4ohS62Vk/zq4+Mhi4QEVKSu3mONOAk3nsYBQ==",
|
|
2433
|
+
"signed_at": "2026-05-16T05:54:50.724Z"
|
|
2434
2434
|
}
|
|
2435
2435
|
],
|
|
2436
2436
|
"manifest_signature": {
|
|
2437
2437
|
"algorithm": "Ed25519",
|
|
2438
|
-
"signature_base64": "
|
|
2438
|
+
"signature_base64": "1748XOxtiAYAtLqdE9q0v6At/u6VYi7vbo7XzfNPdFws6c8cXOgz0nt/lujzz9/pGkuxrRXxi6E4kxWGHzt+CA=="
|
|
2439
2439
|
}
|
|
2440
2440
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@blamejs/exceptd-skills",
|
|
3
|
-
"version": "0.12.
|
|
3
|
+
"version": "0.12.34",
|
|
4
4
|
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"ai-security",
|
package/sbom.cdx.json
CHANGED
|
@@ -1,22 +1,22 @@
|
|
|
1
1
|
{
|
|
2
2
|
"bomFormat": "CycloneDX",
|
|
3
3
|
"specVersion": "1.6",
|
|
4
|
-
"serialNumber": "urn:uuid:
|
|
4
|
+
"serialNumber": "urn:uuid:93bc8223-aabd-419a-92d8-b02c70236ee5",
|
|
5
5
|
"version": 1,
|
|
6
6
|
"metadata": {
|
|
7
|
-
"timestamp": "2026-05-
|
|
7
|
+
"timestamp": "2026-05-16T05:57:55.989Z",
|
|
8
8
|
"tools": [
|
|
9
9
|
{
|
|
10
10
|
"vendor": "blamejs",
|
|
11
11
|
"name": "scripts/refresh-sbom.js",
|
|
12
|
-
"version": "0.12.
|
|
12
|
+
"version": "0.12.34"
|
|
13
13
|
}
|
|
14
14
|
],
|
|
15
15
|
"component": {
|
|
16
|
-
"bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.12.
|
|
16
|
+
"bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.12.34",
|
|
17
17
|
"type": "application",
|
|
18
18
|
"name": "@blamejs/exceptd-skills",
|
|
19
|
-
"version": "0.12.
|
|
19
|
+
"version": "0.12.34",
|
|
20
20
|
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
|
|
21
21
|
"licenses": [
|
|
22
22
|
{
|
|
@@ -25,17 +25,17 @@
|
|
|
25
25
|
}
|
|
26
26
|
}
|
|
27
27
|
],
|
|
28
|
-
"purl": "pkg:npm/%40blamejs/exceptd-skills@0.12.
|
|
28
|
+
"purl": "pkg:npm/%40blamejs/exceptd-skills@0.12.34",
|
|
29
29
|
"hashes": [
|
|
30
30
|
{
|
|
31
31
|
"alg": "SHA-256",
|
|
32
|
-
"content": "
|
|
32
|
+
"content": "9c3b6b863c51c69626132417943cad2ee91e8ebcb3a613878222b2add594883e"
|
|
33
33
|
}
|
|
34
34
|
],
|
|
35
35
|
"externalReferences": [
|
|
36
36
|
{
|
|
37
37
|
"type": "distribution",
|
|
38
|
-
"url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.12.
|
|
38
|
+
"url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.12.34"
|
|
39
39
|
},
|
|
40
40
|
{
|
|
41
41
|
"type": "vcs",
|
|
@@ -97,7 +97,7 @@
|
|
|
97
97
|
"hashes": [
|
|
98
98
|
{
|
|
99
99
|
"alg": "SHA-256",
|
|
100
|
-
"content": "
|
|
100
|
+
"content": "d32c31dec321b6daba763b3aa2a210dd12673410f81418de2cb3b67e6135e017"
|
|
101
101
|
}
|
|
102
102
|
]
|
|
103
103
|
},
|
|
@@ -108,7 +108,7 @@
|
|
|
108
108
|
"hashes": [
|
|
109
109
|
{
|
|
110
110
|
"alg": "SHA-256",
|
|
111
|
-
"content": "
|
|
111
|
+
"content": "011575977afa6f1a9e828321f3c49e99bcf919fc1cfa1ffec51cd04496eea153"
|
|
112
112
|
}
|
|
113
113
|
]
|
|
114
114
|
},
|
|
@@ -152,7 +152,7 @@
|
|
|
152
152
|
"hashes": [
|
|
153
153
|
{
|
|
154
154
|
"alg": "SHA-256",
|
|
155
|
-
"content": "
|
|
155
|
+
"content": "b3543a5b76f3ac6bfec588347f25f56c5f0d2567eba209b0b0c3b285018ad5af"
|
|
156
156
|
}
|
|
157
157
|
]
|
|
158
158
|
},
|
|
@@ -262,7 +262,7 @@
|
|
|
262
262
|
"hashes": [
|
|
263
263
|
{
|
|
264
264
|
"alg": "SHA-256",
|
|
265
|
-
"content": "
|
|
265
|
+
"content": "55aa571423fd254e6581b22a189a1c0eeb76d467b0ef645d1dfa39f74b28c569"
|
|
266
266
|
}
|
|
267
267
|
]
|
|
268
268
|
},
|
|
@@ -273,7 +273,7 @@
|
|
|
273
273
|
"hashes": [
|
|
274
274
|
{
|
|
275
275
|
"alg": "SHA-256",
|
|
276
|
-
"content": "
|
|
276
|
+
"content": "6e7349a0fac39bdf9c4cb4598e101e51400f67d64c5d653bbca462f28bc1a0cb"
|
|
277
277
|
}
|
|
278
278
|
]
|
|
279
279
|
},
|
|
@@ -284,7 +284,7 @@
|
|
|
284
284
|
"hashes": [
|
|
285
285
|
{
|
|
286
286
|
"alg": "SHA-256",
|
|
287
|
-
"content": "
|
|
287
|
+
"content": "a1fc2827ceb344669e148d55197dbf1b0e5b20bcc618e90517639c17d67ee82d"
|
|
288
288
|
}
|
|
289
289
|
]
|
|
290
290
|
},
|
|
@@ -350,7 +350,7 @@
|
|
|
350
350
|
"hashes": [
|
|
351
351
|
{
|
|
352
352
|
"alg": "SHA-256",
|
|
353
|
-
"content": "
|
|
353
|
+
"content": "d4499e2063efca0983c2c5fa48e6fefda040e61cc432f424b8750f6ad90d27f3"
|
|
354
354
|
}
|
|
355
355
|
]
|
|
356
356
|
},
|
|
@@ -427,7 +427,7 @@
|
|
|
427
427
|
"hashes": [
|
|
428
428
|
{
|
|
429
429
|
"alg": "SHA-256",
|
|
430
|
-
"content": "
|
|
430
|
+
"content": "022c2a1074fcf12b2ed20db750ff592c90434ca963aadf8b3a2e886087cdbe30"
|
|
431
431
|
}
|
|
432
432
|
]
|
|
433
433
|
},
|
|
@@ -526,7 +526,7 @@
|
|
|
526
526
|
"hashes": [
|
|
527
527
|
{
|
|
528
528
|
"alg": "SHA-256",
|
|
529
|
-
"content": "
|
|
529
|
+
"content": "c927653e6d9d86d1a36c23a3d782b099a49675ccd928cdc204887c79b0cfbbf1"
|
|
530
530
|
}
|
|
531
531
|
]
|
|
532
532
|
},
|
|
@@ -911,7 +911,7 @@
|
|
|
911
911
|
"hashes": [
|
|
912
912
|
{
|
|
913
913
|
"alg": "SHA-256",
|
|
914
|
-
"content": "
|
|
914
|
+
"content": "64d13ed6f7811c491a247b8812a1012096cd1c572a7a64c9eb90eb8bf0402d27"
|
|
915
915
|
}
|
|
916
916
|
]
|
|
917
917
|
},
|
|
@@ -922,7 +922,7 @@
|
|
|
922
922
|
"hashes": [
|
|
923
923
|
{
|
|
924
924
|
"alg": "SHA-256",
|
|
925
|
-
"content": "
|
|
925
|
+
"content": "14c857a5187f7ec64a33d45ca16cb3bfe5e9b8abaf44c75ba093d9678d9b95d3"
|
|
926
926
|
}
|
|
927
927
|
]
|
|
928
928
|
},
|
|
@@ -933,7 +933,7 @@
|
|
|
933
933
|
"hashes": [
|
|
934
934
|
{
|
|
935
935
|
"alg": "SHA-256",
|
|
936
|
-
"content": "
|
|
936
|
+
"content": "50090cebd148a129469ac8d38995d93882f16b2c3bad8a0f8bb27c0104bb3377"
|
|
937
937
|
}
|
|
938
938
|
]
|
|
939
939
|
},
|
|
@@ -1417,7 +1417,7 @@
|
|
|
1417
1417
|
"hashes": [
|
|
1418
1418
|
{
|
|
1419
1419
|
"alg": "SHA-256",
|
|
1420
|
-
"content": "
|
|
1420
|
+
"content": "10e2af2cf8292f457cd3877bcee37f6ee30c80037a3ef5b367fba25195c7a791"
|
|
1421
1421
|
}
|
|
1422
1422
|
]
|
|
1423
1423
|
},
|
|
@@ -1560,7 +1560,7 @@
|
|
|
1560
1560
|
"hashes": [
|
|
1561
1561
|
{
|
|
1562
1562
|
"alg": "SHA-256",
|
|
1563
|
-
"content": "
|
|
1563
|
+
"content": "3d75d7a0fc5b9a3c584ac5c6510f8b6bd63b7b780488541eb193250ae795b4e2"
|
|
1564
1564
|
}
|
|
1565
1565
|
]
|
|
1566
1566
|
},
|
|
@@ -1659,7 +1659,7 @@
|
|
|
1659
1659
|
"hashes": [
|
|
1660
1660
|
{
|
|
1661
1661
|
"alg": "SHA-256",
|
|
1662
|
-
"content": "
|
|
1662
|
+
"content": "603126d81f6c3619f0b2f6d81ea1d6b64f9c8c1296f877ad2e6d802ddab09165"
|
|
1663
1663
|
}
|
|
1664
1664
|
]
|
|
1665
1665
|
},
|
|
@@ -402,7 +402,7 @@ Per AGENTS.md optional 8th section. Maps cloud-IAM offensive findings to MITRE D
|
|
|
402
402
|
After producing the cloud-IAM incident assessment, chain into the following skills.
|
|
403
403
|
|
|
404
404
|
- **`cloud-security`** — for CSP-specific IAM construct inventory, posture-tool integration, and shared-responsibility framing. This skill scopes the IAM-incident-response workflow; `cloud-security` covers the broader cloud-posture surface.
|
|
405
|
-
- **`cred-stores`** — for KMS / Cloud KMS / Key Vault posture
|
|
405
|
+
- **`cred-stores`** *(playbook chain, not a skill)* — `_meta.feeds_into` on this playbook routes blast-radius >= 4 findings into the `cred-stores` playbook for KMS / Cloud KMS / Key Vault posture and access-key rotation hygiene. Hand-off is via the playbook chain, not a skill load.
|
|
406
406
|
- **`identity-assurance`** — for AAL / IAL / FAL framing on human-principal MFA posture, federated-identity assurance levels, and step-up authentication coverage on cloud admin actions.
|
|
407
407
|
- **`framework-gap-analysis`** — for the per-jurisdiction reconciliation called for in Output Format "Cross-Jurisdiction Framework Gap Summary."
|
|
408
408
|
- **`compliance-theater`** — to extend the five theater tests above with general-purpose theater detection across the wider GRC posture.
|
|
@@ -337,7 +337,7 @@ Per AGENTS.md optional 8th section (required for skills shipped on or after 2026
|
|
|
337
337
|
After producing the IdP-tenant compromise assessment, chain into the following skills.
|
|
338
338
|
|
|
339
339
|
- **`identity-assurance`** — for AAL3 / FIDO2 / WebAuthn admin-tier authentication implementation detail, IAL2/IAL3 for high-value workforce identity, FAL constructs for federation, and the cryptographic posture (RFC 7519 JWT, RFC 8725 JWT BCP, RFC 7591 OAuth Dynamic Client Registration, RFC 9421 HTTP Message Signatures) that IdP-tenant control-plane operations reference but framework controls do not specify.
|
|
340
|
-
- **`cred-stores`** — for downstream containment: rotate management-API tokens, downstream service-account credentials, session tokens; audit Vault / Secrets Manager / KMS for IdP-derived credentials.
|
|
340
|
+
- **`cred-stores`** *(playbook chain, not a skill)* — `_meta.feeds_into` on this playbook routes blast-radius >= 4 findings into the `cred-stores` playbook for downstream containment: rotate management-API tokens, downstream service-account credentials, session tokens; audit Vault / Secrets Manager / KMS for IdP-derived credentials. Hand-off is via the playbook chain, not a skill load.
|
|
341
341
|
- **`framework-gap-analysis`** — for per-jurisdiction reconciliation of IdP-tenant control-plane coverage gaps across NIST + ISO + SOC 2 + UK CAF + AU ISM + AU E8 + NIS2 + DORA + NYDFS.
|
|
342
342
|
- **`compliance-theater`** — to extend the seven theater tests above with general-purpose theater detection across the wider GRC posture (CISO certification independence, audit-attestation evidence currency, change-control register completeness).
|
|
343
343
|
- **`coordinated-vuln-disclosure`** — for DORA Art.19 4-hour clock orchestration, NIS2 Art.23 24-hour clock, GDPR Art.33 72-hour clock, NYDFS 500.17 72-hour clock, AU NDB 30-day clock, and the multi-regulator notification when a single IdP-tenant incident triggers multiple clocks across jurisdictions.
|
|
@@ -362,8 +362,8 @@ Ransomware response consumes defensive controls across multiple D3FEND categorie
|
|
|
362
362
|
Ransomware response is a sub-flow of `incident-response-playbook` with ransomware-specific decision properties. Route to the following on the indicated trigger:
|
|
363
363
|
|
|
364
364
|
- **`incident-response-playbook`** — *parent IR playbook.* All PICERL phase scaffolding, jurisdictional notification matrix, post-incident review template, evidence preservation, and cross-skill hand-off graph are owned by the parent. This skill extends — does not duplicate — the parent.
|
|
365
|
-
- **`cred-stores`** — *credential-blast-radius trigger.* When ransomware analysis surfaces lateral movement via valid accounts (T1078) and the blast radius extends to credential stores (AD krbtgt, privileged service accounts, SSO break-glass, OAuth grants, AI-agent service accounts),
|
|
366
|
-
- **`framework`** — *compliance-theater trigger.* When the four ransomware compliance-theater tests in this skill produce a `theater` verdict for the org's pre-incident posture,
|
|
365
|
+
- **`cred-stores`** *(playbook chain, not a skill)* — *credential-blast-radius trigger.* When ransomware analysis surfaces lateral movement via valid accounts (T1078) and the blast radius extends to credential stores (AD krbtgt, privileged service accounts, SSO break-glass, OAuth grants, AI-agent service accounts), the `_meta.feeds_into` chain on this playbook routes into the `cred-stores` playbook for credential rotation scope determination and rotation orchestration. Hand-off is via the playbook chain, not a skill load.
|
|
366
|
+
- **`framework`** *(playbook chain, not a skill)* — *compliance-theater trigger.* When the four ransomware compliance-theater tests in this skill produce a `theater` verdict for the org's pre-incident posture, the `_meta.feeds_into` chain on this playbook routes into the `framework` playbook for cross-framework gap analysis. Hand-off is via the playbook chain, not a skill load. (The `framework-gap-analysis` skill below is a distinct surface — that one IS a real skill and is loaded directly.)
|
|
367
367
|
- **`sector-healthcare`** — *PHI exfil-before-encrypt trigger.* When PHI is in the exfiltrated scope, hand off for HIPAA Breach Notification Rule sequencing (45 CFR 164.400-414), state AG notification matrix, and business-associate cascade. State-specific extensions to the 60-day federal clock are routed through this skill.
|
|
368
368
|
- **`sector-financial`** — *financial-entity trigger.* When the affected entity is a DORA-in-scope financial entity, hand off for the 4h initial notification chain to competent authority + ECB / EIOPA / ESMA; for NYDFS 500.17 the 24h ransom-payment notification (if payment is made and sanctions screening cleared) is routed through this skill.
|
|
369
369
|
- **`framework-gap-analysis`** — *control-gap filing.* When the ransomware response surfaces that one of the four ransomware-specific decision properties (sanctions / decryptor / insurance / immutability / exfil-before-encrypt) failed to operationalize during the incident, file the gap entry against the relevant framework controls (NIST IR-4, ISO A.5.26, SOC 2 CC7.4, HIPAA 164.308(a)(7), AU E8 Backup, UK CAF D1).
|