@blamejs/exceptd-skills 0.12.33 → 0.12.35

package/ARCHITECTURE.md

@@ -36,7 +36,7 @@ data_deps:
   - cve-catalog.json          # files in data/ this skill reads
   - atlas-ttps.json
 atlas_refs:
-  - AML.T0043                 # MITRE ATLAS v5.1.0 TTP IDs
+  - AML.T0043                 # MITRE ATLAS v5.4.0 TTP IDs
   - AML.T0054
 attack_refs:
   - T1068                     # MITRE ATT&CK TTP IDs
@@ -121,7 +121,7 @@ Schema per entry:
   "AML.T0043": {
     "name": "Craft Adversarial Data",
     "tactic": "ML Attack Staging",
-    "atlas_version": "5.1.0",
+    "atlas_version": "5.4.0",
     "description": "...",
     "framework_coverage": {
       "NIST-800-53": {"covered": false, "nearest_control": null, "gap_description": "..."},
@@ -179,7 +179,7 @@ Tracks PoC status, weaponization stage, and AI-assist factor per CVE. Updated wh
 
 ### `data/d3fend-catalog.json`
 
-28 MITRE D3FEND defensive technique entries pinned to **D3FEND v1.0.0**. Each entry records the defensive technique ID (e.g., `D3-EAL` Executable Allowlisting), the tactic / artifact it defends, the offensive ATLAS / ATT&CK TTPs it counters, defense-in-depth layer position, least-privilege scope assumptions, zero-trust posture compatibility, and AI-pipeline applicability per Hard Rule #9. Skills cite D3FEND IDs in `d3fend_refs` to map offensive findings to a defensive countermeasure rather than to abstract control language. The `defensive-countermeasure-mapping` skill is the canonical consumer; any skill shipped on or after 2026-05-11 includes a Defensive Countermeasure Mapping section referencing this catalog.
+29 MITRE D3FEND defensive technique entries pinned to **D3FEND v1.0.0**. Each entry records the defensive technique ID (e.g., `D3-EAL` Executable Allowlisting), the tactic / artifact it defends, the offensive ATLAS / ATT&CK TTPs it counters, defense-in-depth layer position, least-privilege scope assumptions, zero-trust posture compatibility, and AI-pipeline applicability per Hard Rule #9. Skills cite D3FEND IDs in `d3fend_refs` to map offensive findings to a defensive countermeasure rather than to abstract control language. The `defensive-countermeasure-mapping` skill is the canonical consumer; any skill shipped on or after 2026-05-11 includes a Defensive Countermeasure Mapping section referencing this catalog.
 
 `_meta.d3fend_version` pins the version; D3FEND ontology additions are tracked in skill `forward_watch` fields.
 
@@ -201,7 +201,7 @@ RWEP (Real-World Exploit Priority) scoring engine.
 
 - `score(cveId)` — Return RWEP score for a CVE in the catalog
 - `scoreCustom(factors)` — Score a custom factor set (for CVEs not yet in catalog)
-- `validate()` — Schema validation: check all skill data_deps resolve, all CVE entries are complete, all ATLAS refs are valid v5.1.0 IDs
+- `validate()` — Schema validation: check all skill data_deps resolve, all CVE entries are complete, all ATLAS refs are valid v5.4.0 IDs
 - `compare(cveId)` — Return CVSS vs. RWEP comparison with explanation of the delta
 
 RWEP factor weights:

package/CHANGELOG.md

@@ -1,6 +1,61 @@
 # Changelog
 
-## 0.12.33 — 2026-05-15
+## 0.12.35 — 2026-05-16
+
+Cycle 15 audit pass — security hardening + ATLAS pin sweep across skills + forward-watch backfill. Three angles audited in parallel (performance, exceptd's own input-handling security, forward-watch staleness); two surfaced P1 fixes that ship here.
+
+### Security
+
+**`--evidence -` (stdin) now enforces the 32 MiB cap.** Pre-fix the stdin branch did `fs.readFileSync(0, "utf8")` with no length limit while the file-path branch enforced `MAX_EVIDENCE_BYTES`. An attacker piping multi-GB JSON would OOM the runner. Stdin now reads in 1 MB chunks and bails at the cap with a structured `ok:false` error + exit 1. New `tests/evidence-input-hardening.test.js` pins both the cap and the small-payload happy path.
+
+**Prototype-pollution defense on operator-submitted `precondition_checks`.** Pre-fix `Object.assign(out.precondition_checks, submission.precondition_checks)` re-invoked the `__proto__` setter when the operator's JSON contained a `__proto__` key. JSON.parse keeps `__proto__` as an own data property (CreateDataProperty), but Object.assign reads via `[[Get]]` and writes via `[[Set]]`, which triggers the prototype-rebinding setter. Global `Object.prototype` stayed clean (Node confines the rebind to the assignment target), but the polluted local prototype was a defense-in-depth gap — any future code path calling `.hasOwnProperty()` directly on the bag would observe pollution. Switched to own-key iteration that explicitly skips `__proto__` / `constructor` / `prototype` keys.
+
+### Bugs
+
+**ATLAS v5.1.0 → v5.4.0 sweep across operator-facing surface.** v0.12.34 fixed README + ARCHITECTURE but cycle 15 found 27 skill bodies, 2 builder scripts, the skill-frontmatter schema, and 17 derived indexes all still citing the stale pin. 30 files modified; canonical pin string `ATLAS v5.4.0 (February 2026)` used uniformly. NYDFS rollout reference "phased in through November 2025" in sector-financial intentionally preserved (different context). The extended docs-pin test now scans `skills/` + `data/_indexes/` + `scripts/` for ATLAS-context mismatches in addition to README + ARCHITECTURE.
+
+**5 past-due forward_watch entries re-dated with realized backfill.**
+- *mlops-security* — predicted "ATLAS v5.2 — track AML.T0010 sub-technique expansion." ATLAS shipped v5.4.0 on 2026-02-06; the expansion landed plus "Publish Poisoned AI Agent Tool" and "Escape to Host" techniques. Backfilled with the realized state + re-anchored to ATLAS v5.5 / v6.0 horizon.
+- *age-gates-child-safety AU under-16 ban* — predicted "implementation deferred to late 2025." AU Online Safety Amendment (Social Media Minimum Age) Act 2024 entered force 2025-12-10; 4.7M+ accounts deactivated by mid-Jan 2026; 31 March 2026 formal investigations of Facebook / Instagram / Snapchat / TikTok / YouTube. Backfilled + re-anchored to first civil-penalty proceedings (H2 2026).
+- *age-gates-child-safety UK OSA enforcement* — predicted "first enforcement decisions expected late 2025 / 2026." Ofcom has 80+ investigations open; first £1M OSA fine issued for age-assurance failure. Backfilled + re-anchored to the April / July / November 2026 OSA milestones.
+- *age-gates-child-safety eSafety actions* — same shape; backfilled to the 31 March 2026 formal investigations.
+- *sector-energy TSA Pipeline SD* — predicted "next reissue cycle anticipated mid-2026." Current cadence: SD-Pipeline-2021-02F expires 2 May 2026; expected 02G now overdue as of cycle 15. Updated to reflect current series + re-anchored to H2 2026.
+
+### Features
+
+**Extended `tests/docs-catalog-counts-pinned.test.js`** to scan `skills/**/*.md`, `data/_indexes/*.json`, and `scripts/**/*.js` for ATLAS version mentions in addition to README + ARCHITECTURE. A future stale-pin in any of those operator-facing files now fails the gate at CI time. Closes the cycle 15 P2 F6 finding which revealed v0.12.34's docs-pin gate was scoped too narrowly.
+
+### Internal
+
+- Cycle 15 audit: 3 read-only agents dispatched (performance, security, forward-watch). Performance audit confirmed no regression — every CLI op within budget; `cross-ref-api.js` mtime-keyed catalog cache + per-run playbook cache prevent N+1 patterns. Watchlist verb at 99ms has a 30-40ms caching opportunity (deferred to v0.13 backlog).
+- 16/16 playbooks now validate clean (no warnings) — same green state as v0.12.33's cred-stores cleanup.
+- Test count 1125 → 1131 (4 new evidence-input-hardening tests + 1 extended docs-pin test + 1 sanity sweep).
+- 14/14 predeploy gates green.
+
+
+## 0.12.34 — 2026-05-15
+
+Documentation accuracy pass. README.md + ARCHITECTURE.md were still pinning ATLAS v5.1.0 and ATT&CK v17 — outdated for nine releases. v0.12.29 fixed the manifest.json pin (cycle 9 Hard Rule #8 audit) but the operator-facing docs weren't updated. Plus catalog count drift (38 skills → 42; 28 D3FEND entries → 29).
+
+### Bugs
+
+**README ATLAS pin lie.** Five sites in `README.md` referenced ATLAS v5.1.0 + "(November 2025)" while the actual catalog pin is v5.4.0 (2026-02-06). Operators reading the README to understand which ATLAS version this catalog tracks saw a stale 6-month-old answer. Corrected: badge URL, narrative paragraphs, framework-lag table footer, `atlas-ttps.json` description.
+
+**ARCHITECTURE.md ATLAS + D3FEND pin lies.** Three sites referenced ATLAS v5.1.0 (matched the manifest pre-cycle-9, stale post-fix). One site stated "28 D3FEND defensive technique entries" — was correct until v0.12.33 added D3-EFA bringing the count to 29.
+
+**README skill count stale.** Said "38 skills" — actual was 42 since v0.12.28's IR-cluster (idp-incident-response, cloud-iam-incident, ransomware-response added 3 skills) plus sector-telecom added v0.12.26.
+
+### Features
+
+**`tests/docs-catalog-counts-pinned.test.js`** — new contract test asserts that README.md and ARCHITECTURE.md text matches the live catalog state for: ATLAS version (`data/atlas-ttps.json._meta.atlas_version`), ATT&CK version (`data/attack-techniques.json._meta.attack_version`), skill count (`manifest.json.skills.length`), D3FEND entry count, CVE catalog count, framework-gap entry count. Any future PR that bumps a catalog without updating the operator-facing docs fails the gate at CI time — eliminates the silent-drift class that v0.12.34 cleaned up.
+
+### Internal
+
+- Cycle 14 audit dispatched 3 read-only agents (playbook execution semantics, air-gap end-to-end, docs accuracy). Two were rate-limited and returned no findings; the docs-accuracy work was completed on the main thread.
+- Cycle 14 main-thread playbook-execution sanity check confirmed: kernel playbook correctly classifies as `detected` with 4 matched CVEs + RWEP 100 when signal_overrides shape is correct (`{indicator_id: 'hit'}`, NOT `{indicator_id: {verdict: 'hit'}}`). The runner is sound; the operator API surface is occasionally subtle.
+- Cycle 14 main-thread air-gap verification confirmed: `--air-gap` flag and `EXCEPTD_AIR_GAP=1` env-var both thread into `runOpts.airGap`; `lib/playbook-runner.js:576` correctly substitutes `air_gap_alternative` for `source` on look artifacts; original source preserved as `_original_source` for audit.
+
+
 
 Same-day CVE intake (node-ipc supply-chain compromise) + cycle 13 audit fixes. Closes the long-standing `cred-stores` skill-vs-playbook semantic confusion that's surfaced in every audit since cycle 9.
 

package/README.md

@@ -14,9 +14,9 @@
 [![CI](https://img.shields.io/github/actions/workflow/status/blamejs/exceptd-skills/ci.yml?branch=main&label=CI)](https://github.com/blamejs/exceptd-skills/actions/workflows/ci.yml)
 [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/blamejs/exceptd-skills/badge)](https://scorecard.dev/viewer/?uri=github.com/blamejs/exceptd-skills)
 [![License: Apache 2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0)
-[![Skills](https://img.shields.io/badge/skills-38-d946ef)](#skill-inventory)
-[![ATLAS](https://img.shields.io/badge/MITRE%20ATLAS-v5.1.0-d946ef)](https://atlas.mitre.org)
-[![ATT&CK](https://img.shields.io/badge/MITRE%20ATT%26CK-v17-d946ef)](https://attack.mitre.org)
+[![Skills](https://img.shields.io/badge/skills-42-d946ef)](#skill-inventory)
+[![ATLAS](https://img.shields.io/badge/MITRE%20ATLAS-v5.4.0-d946ef)](https://atlas.mitre.org)
+[![ATT&CK](https://img.shields.io/badge/MITRE%20ATT%26CK-v19.0-d946ef)](https://attack.mitre.org)
 [![Ed25519-signed](https://img.shields.io/badge/skills-Ed25519--signed-2ea043)](AGENTS.md)
 [![Jurisdictions](https://img.shields.io/badge/jurisdictions-35-blue)](data/global-frameworks.json)
 
@@ -30,7 +30,7 @@ This platform surfaces what is actually happening right now. Every skill explici
 
 ## Status
 
-Pre-1.0. Latest release lives on [GitHub Releases](https://github.com/blamejs/exceptd-skills/releases) and on npm as [`@blamejs/exceptd-skills`](https://www.npmjs.com/package/@blamejs/exceptd-skills) (signed npm provenance attestation). 38 skills across kernel LPE, AI attack surface, MCP trust, RAG security, AI-API C2 detection, PQC migration, framework gap analysis, compliance theater, exploit scoring, threat-model currency, zero-day learning, global GRC, policy exception generation, security maturity tiers, skill update loop, attack-surface pen testing, fuzz testing, DLP gap analysis, supply-chain integrity, defensive-countermeasure mapping, identity assurance, OT/ICS security, coordinated vulnerability disclosure, threat-modeling methodology, child-safety age gates, plus sector packs (federal, financial, healthcare, energy) — and a `researcher` triage dispatcher. 10 data catalogs cover CVE / ATLAS / ATT&CK / CWE / D3FEND / DLP / RFC / framework gaps / global frameworks / zero-day lessons. 35 jurisdictions tracked. AI-consumer ergonomics: `data/_indexes/` ships 17 pre-computed indexes (xref / chains / dispatch / DiD ladders / theater fingerprints / recipes / token budget / currency / activity feed) regenerated by `npm run build-indexes`. External-data refresh is automated nightly via `.github/workflows/refresh.yml` — KEV/EPSS/NVD/RFC drift opens an auto-PR with deltas pre-applied; KEV adds new CVEs and IETF discovery auto-imports new RFCs across 48 project-relevant working groups (`_auto_imported` annotation flags entries for human curation); ATLAS/ATT&CK/CWE/D3FEND version bumps open an issue (audit required per AGENTS.md Hard Rule #12). `exceptd doctor --signatures` prints dual SHA-256 + SHA3-512 public-key fingerprints for out-of-band key pinning. `exceptd discover` probes 22 PQC algorithms across the full NIST + IETF emerging landscape. `exceptd framework-gap <framework> <scenario>` provides a non-AI programmatic runner for the framework-gap skill.
+Pre-1.0. Latest release lives on [GitHub Releases](https://github.com/blamejs/exceptd-skills/releases) and on npm as [`@blamejs/exceptd-skills`](https://www.npmjs.com/package/@blamejs/exceptd-skills) (signed npm provenance attestation). 42 skills across kernel LPE, AI attack surface, MCP trust, RAG security, AI-API C2 detection, PQC migration, framework gap analysis, compliance theater, exploit scoring, threat-model currency, zero-day learning, global GRC, policy exception generation, security maturity tiers, skill update loop, attack-surface pen testing, fuzz testing, DLP gap analysis, supply-chain integrity, defensive-countermeasure mapping, identity assurance, OT/ICS security, coordinated vulnerability disclosure, threat-modeling methodology, child-safety age gates, plus sector packs (federal, financial, healthcare, energy) — and a `researcher` triage dispatcher. 10 data catalogs cover CVE / ATLAS / ATT&CK / CWE / D3FEND / DLP / RFC / framework gaps / global frameworks / zero-day lessons. 35 jurisdictions tracked. AI-consumer ergonomics: `data/_indexes/` ships 17 pre-computed indexes (xref / chains / dispatch / DiD ladders / theater fingerprints / recipes / token budget / currency / activity feed) regenerated by `npm run build-indexes`. External-data refresh is automated nightly via `.github/workflows/refresh.yml` — KEV/EPSS/NVD/RFC drift opens an auto-PR with deltas pre-applied; KEV adds new CVEs and IETF discovery auto-imports new RFCs across 48 project-relevant working groups (`_auto_imported` annotation flags entries for human curation); ATLAS/ATT&CK/CWE/D3FEND version bumps open an issue (audit required per AGENTS.md Hard Rule #12). `exceptd doctor --signatures` prints dual SHA-256 + SHA3-512 public-key fingerprints for out-of-band key pinning. `exceptd discover` probes 22 PQC algorithms across the full NIST + IETF emerging landscape. `exceptd framework-gap <framework> <scenario>` provides a non-AI programmatic runner for the framework-gap skill.
 
 **v0.10.0 introduced the seven-phase playbook contract** — exceptd ships playbooks under `data/playbooks/*.json` that host AIs (Claude Code, Cursor, Gemini CLI, Codex) execute through seven phases: `govern → direct → look → detect → analyze → validate → close`. exceptd owns govern / direct / analyze / validate / close (knowledge + GRC layer); the host AI owns look / detect (artifact collection + indicator evaluation with its native Bash/Read/Grep/Glob).
 
@@ -55,7 +55,7 @@ Assess Linux kernel local privilege escalation exposure. Covers Copy Fail (CVE-2
 ### AI-Specific Attack Surface
 
 **[ai-attack-surface](skills/ai-attack-surface/skill.md)**
-Comprehensive AI/ML attack surface assessment mapped to MITRE ATLAS v5.1.0 with explicit gap flags. Covers prompt injection as enterprise RCE (CVE-2025-53773 CVSS 7.8, 85%+ bypass rate against SOTA defenses), MCP supply chain RCE (CVE-2026-30615, zero user interaction, 150M+ downloads), RAG exfiltration, model poisoning, AI-assisted exploit development (41% of 2025 zero-days), credential theft acceleration (160% increase).
+Comprehensive AI/ML attack surface assessment mapped to MITRE ATLAS v5.4.0 with explicit gap flags. Covers prompt injection as enterprise RCE (CVE-2025-53773 CVSS 7.8, 85%+ bypass rate against SOTA defenses), MCP supply chain RCE (CVE-2026-30615, zero user interaction, 150M+ downloads), RAG exfiltration, model poisoning, AI-assisted exploit development (41% of 2025 zero-days), credential theft acceleration (160% increase).
 
 **[mcp-agent-trust](skills/mcp-agent-trust/skill.md)**
 Enumerate MCP (Model Context Protocol) trust boundary failures. Covers tool allowlisting gaps, unsigned server manifests, prompt injection via tool responses, supply chain compromise. CVE-2026-30615 (Windsurf, zero-interaction RCE). Generates: tool allowlist policy, server signing requirements, bearer auth config, output sanitization requirements.
@@ -398,7 +398,7 @@ The `agents/` directory ships markdown role cards documenting authoring conventi
 All skills pull from `data/`. Cross-validated against canonical upstream sources via `exceptd refresh` / `exceptd doctor --cves` / `exceptd doctor --rfcs`.
 
 - `cve-catalog.json` — CVE metadata with RWEP scores, CISA KEV status, PoC availability, live-patch info
-- `atlas-ttps.json` — MITRE ATLAS v5.1.0 TTPs with gap flags and exploitation examples
+- `atlas-ttps.json` — MITRE ATLAS v5.4.0 TTPs with gap flags and exploitation examples
 - `framework-control-gaps.json` — Per-framework, per-control: what it was designed for vs. what it misses
 - `exploit-availability.json` — PoC locations, weaponization status, AI-assist factor
 - `global-frameworks.json` — All major global compliance frameworks (35 jurisdictions) with control inventories and lag scores
@@ -414,7 +414,7 @@ All skills pull from `data/`. Cross-validated against canonical upstream sources
 
 **Compliance is not security.** A SOC 2 Type II report confirms that controls existed and operated effectively during the audit period. It says nothing about whether those controls are adequate for current attack patterns. When NIST 800-53 SI-2 says "apply security patches in a timely manner" and Copy Fail is a 732-byte deterministic root with a public PoC and no race condition, "timely" is the wrong frame entirely.
 
-**Framework lag is measured in months.** MITRE ATLAS v5.1.0 (November 2025) is the most current AI threat framework available. It still lags real exploitation by 3-6 months. NIST AI RMF lags by years. ISO 27001:2022 has no AI-specific controls. These skills explicitly flag every place where framework coverage ends and real attacker capability begins.
+**Framework lag is measured in months.** MITRE ATLAS v5.4.0 (February 2026) is the most current AI threat framework available. It still lags real exploitation by 3-6 months. NIST AI RMF lags by years. ISO 27001:2022 has no AI-specific controls. These skills explicitly flag every place where framework coverage ends and real attacker capability begins.
 
 **AI changed the exploit development timeline.** Copy Fail was discovered by an AI system in approximately one hour. 41% of 2025 zero-days involved AI-assisted reverse engineering on the attacker side. The time between vulnerability introduction and reliable exploitation is compressing faster than patch management processes can adapt. Risk scoring must reflect this.
 

package/bin/exceptd.js

@@ -732,16 +732,34 @@ function readJsonFile(filePath) {
 
 function readEvidence(evidenceFlag) {
   if (!evidenceFlag) return {};
-  if (evidenceFlag === "-") {
-    const buf = fs.readFileSync(0, "utf8"); // stdin
-    if (!buf.trim()) return {};
-    return JSON.parse(buf);
-  }
-  // v0.12.12: read enforces a max size to defend against an operator
-  // accidentally passing a multi-gigabyte file (binary, log, or
+  // v0.12.12: file-path branch enforces a max size to defend against an
+  // operator accidentally passing a multi-gigabyte file (binary, log, or
   // adversarial JSON bomb). 32 MB is well beyond any legitimate
   // submission and still drains in a single read on modern hardware.
+  // v0.12.35 (cycle 15 security F1): apply the SAME cap to the stdin
+  // branch. Pre-fix `--evidence -` was uncapped — an attacker piping
+  // multi-GB JSON would OOM the runner. Read in 1 MB chunks and bail
+  // at the limit rather than letting Node grow the heap unbounded.
   const MAX_EVIDENCE_BYTES = 32 * 1024 * 1024;
+  if (evidenceFlag === "-") {
+    // fs.readFileSync(0) does NOT respect a maxBuffer option, so we read
+    // incrementally to enforce the cap. Stdin is a pipe / fifo on every
+    // platform; reading until EOF in chunks is correct.
+    const chunks = [];
+    let total = 0;
+    const buf = Buffer.alloc(1024 * 1024);
+    let n;
+    while ((n = fs.readSync(0, buf, 0, buf.length, null)) > 0) {
+      total += n;
+      if (total > MAX_EVIDENCE_BYTES) {
+        throw new Error(`evidence on stdin exceeds size limit: ${total}+ bytes > ${MAX_EVIDENCE_BYTES} byte limit. Pipe a smaller submission, or split into multiple playbook runs.`);
+      }
+      chunks.push(Buffer.from(buf.subarray(0, n)));
+    }
+    const text = Buffer.concat(chunks).toString("utf8");
+    if (!text.trim()) return {};
+    return JSON.parse(text);
+  }
   let stat;
   try { stat = fs.statSync(evidenceFlag); }
   catch (e) { throw new Error(`evidence path not readable: ${e.message}`); }

package/data/_indexes/_meta.json

@@ -1,10 +1,10 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-16T04:40:25.150Z",
+  "generated_at": "2026-05-16T06:44:58.896Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "e7956bcec2b7aee7f469013be4aff46698c0cb269786775ad54a5096fd348920",
+    "manifest.json": "2132d625977bfc7e5715ba150c82dc432460db46b9063e562d4bad44608a244a",
     "data/atlas-ttps.json": "259e76e4252c7a56c17bbe96982a5e37ac89131c2d37a547fe38d64dcacfd763",
     "data/attack-techniques.json": "51f60819aef36e960fd768e44dcc725e137781534fbbb028e5ef6baa21defa1d",
     "data/cve-catalog.json": "55aa571423fd254e6581b22a189a1c0eeb76d467b0ef645d1dfa39f74b28c569",
@@ -17,45 +17,45 @@
     "data/rfc-references.json": "e253a548c8a829d178d5aea601e268724b85c936ccbfa51c2e5d80c5f8efe2b0",
     "data/zeroday-lessons.json": "c927653e6d9d86d1a36c23a3d782b099a49675ccd928cdc204887c79b0cfbbf1",
     "skills/kernel-lpe-triage/skill.md": "8e94bfd38d6db47342fbbe95a0c8df8f7c38743982c13e9de6a1c59cd3783d33",
-    "skills/ai-attack-surface/skill.md": "13e543fc92b9b27cdb647dce96a9eeb44919e0fa92ec41e8265a9981a23e7b79",
-    "skills/mcp-agent-trust/skill.md": "3cec1dce668deec44cb7330e165e89cee8379dd90833519004d566baf72c038c",
-    "skills/framework-gap-analysis/skill.md": "573a097ceb4c952fe7ab3db765c942d06cc8e90f7cda3c42928db35cdcd7cf7b",
-    "skills/compliance-theater/skill.md": "367cde42553dfb59b0cb6e8afb6e88be28ec0ab73682ea3a9d397ca0068753bc",
-    "skills/exploit-scoring/skill.md": "4213724d59d33d8fe768b3ce58edc3aed25c0f06031183542937a14d538ea94d",
-    "skills/rag-pipeline-security/skill.md": "fc027d5e101a9934b402ed4086b9cbb8b2ee6b86f00e1feb54fe15a2018d89fc",
-    "skills/ai-c2-detection/skill.md": "cdfbc086ed2b755a9d3170d66d0c33519478b693fb59944ac95a1749beb5c810",
-    "skills/policy-exception-gen/skill.md": "79db45ba722a6dd9bba25bf84e0b52cf659b56b662193cef80a8273337e41df9",
-    "skills/threat-model-currency/skill.md": "d1cf822c1e8a81466dc49e81b19f42d863c82bd8f8c878215a738e6ae9112fc5",
+    "skills/ai-attack-surface/skill.md": "853ea46b500fa60b5f5db1137629f8b64447b5df2c8346c15c6cbd1e59285532",
+    "skills/mcp-agent-trust/skill.md": "b09a33e71a0cc13ec70e7e750ac4b91887b657d293d92c3cdb49a4e094adcfea",
+    "skills/framework-gap-analysis/skill.md": "4994b47c2618d24e5557f2a23de21960f6f12a6d66d1b8780b4de6d9d3735dfe",
+    "skills/compliance-theater/skill.md": "5fa6207256d002c42a28a90d15b9a9ef0503ae7dba9b55b4098e2e52607377f4",
+    "skills/exploit-scoring/skill.md": "91bab353257383bd21e49005c1c8188b98b46642184dea29729ad45fc732d698",
+    "skills/rag-pipeline-security/skill.md": "96d26b90539bda836032c2fc2935e0d5736f40bcd286165979c0ed34f47f3ce6",
+    "skills/ai-c2-detection/skill.md": "4f986ac65d4cba36ef9173d204acaf81646a9f7c42623ebba0973ea0108133c0",
+    "skills/policy-exception-gen/skill.md": "78a8623700eab1801387e4792611529089b6248ff3faef15d70c0093609ec323",
+    "skills/threat-model-currency/skill.md": "9fcddaa06334d104cb160bace92c92cdcb6b2881f579b82970e42fbd3d213a05",
     "skills/global-grc/skill.md": "e0487de49679172347653d8c191d1f269193de6f444f6b0c6396d326e45bd72e",
-    "skills/zeroday-gap-learn/skill.md": "5caa007d8c95f49ded22db581fd447f735c713b60866d18f5371457b0a60778b",
+    "skills/zeroday-gap-learn/skill.md": "59a0d7cd85b923b3f5633bdc15c1a88eef7dea6332480d93b0bb0ae93a4cd0fe",
     "skills/pqc-first/skill.md": "a5eb776e1ea3bb422a4c18a3bdf39ad2ec1651b3c25e65c89428ba319141b275",
-    "skills/skill-update-loop/skill.md": "48617511ee8efdb257e9caee543009150f0638380ad92882b62021c7eb2f9d16",
-    "skills/security-maturity-tiers/skill.md": "817f0bca44297d03fb206c446fbf3f93aa3a64c309d6ef5efd046e6e47874030",
+    "skills/skill-update-loop/skill.md": "0d5b08f71e4853a634344eaf260da90bd7a29d4df48200ee75be878dce3467e2",
+    "skills/security-maturity-tiers/skill.md": "2027161ab0a3382ba506cca7be1966e11367bbdf861de316facd54e25fef5761",
     "skills/researcher/skill.md": "51d03d9eaea52d2bbbdd67709035db494d44819ce58931ca025cab3025c9fad7",
-    "skills/attack-surface-pentest/skill.md": "3c42af04a5db79ce10c952f4bc7c9216116e77d38e6d57feb1f1c13678c94e53",
-    "skills/fuzz-testing-strategy/skill.md": "83b1929a0d1e09a58908b91125ebc91ff14323ab9acc9bab6c4b04903b69b837",
-    "skills/dlp-gap-analysis/skill.md": "eed1a5de55a9200e6f5c8ac49b0240b54d30b895ce40ccce9d286f5d9b40f664",
-    "skills/supply-chain-integrity/skill.md": "2f9bc5d5f0b70bf468d02a71ced718b50196e6139dfb1424d31cbe017d422027",
+    "skills/attack-surface-pentest/skill.md": "9cb02d9d428ef674ba8af8c935f86ddca197f0ba1f7d216d76ce1b268ae4bb6a",
+    "skills/fuzz-testing-strategy/skill.md": "eaab866236c8cb8a6c8ddc5e65d786ee6d598682de6014ed4e83c6cd163a2128",
+    "skills/dlp-gap-analysis/skill.md": "ee9fd4928d96b2e9957d8db9dec90c844443fbcf2a292e69040bfa47c78a4f4b",
+    "skills/supply-chain-integrity/skill.md": "b44a8704e37d8efcd97d8e998e6b2b454e1bc3ba956c6aaf105aa155ffffd2a8",
     "skills/defensive-countermeasure-mapping/skill.md": "e62c71ba3be2b4d0f7dfa529fec007cba6bee3013f76b93756e3e6310f2d22ab",
     "skills/identity-assurance/skill.md": "6fd734d5cf8eed031537c9ccb1ad11c09ec4e88d31c45d86046a2154a6770990",
-    "skills/ot-ics-security/skill.md": "d239ed497816e00ad14568e9fcca68ffdc7cb0c2a2cbd4960b35fab2065cce31",
-    "skills/coordinated-vuln-disclosure/skill.md": "c96fd2254abf8a29819f8175da85094bea1afe589fecc92abcf1289b30895030",
-    "skills/threat-modeling-methodology/skill.md": "d57d1acc46851d4f1580858c60a90cc20732ca8a5a46da2c50e71c9bdf4cc0b4",
-    "skills/webapp-security/skill.md": "69b16f51ce79cbebd15120d6a0de1c116439bc4739c7dcaa0ecd451614038ad5",
+    "skills/ot-ics-security/skill.md": "2a30c888e515bed3c121e7396f841e15cad53fe443b3f0a1c3f2670c8c317339",
+    "skills/coordinated-vuln-disclosure/skill.md": "0e875953bb8a38a89c8ec5d2a9ef967b12e9a9f166dc9356723f10304fd0535e",
+    "skills/threat-modeling-methodology/skill.md": "bb34933a1eee2cd1da98da5a5dada2c7fc7ebb0bddf5afb39e1f6ee26064d151",
+    "skills/webapp-security/skill.md": "6fdae41856963df0f8655fb52df7cd26b6b47031f55dfe897003ed9647a73ab5",
     "skills/ai-risk-management/skill.md": "10d31ca594449e1fef4c34ea45448ab30a6ffdc2fe1faf4ccaf0a1dd05d67774",
-    "skills/sector-healthcare/skill.md": "97b4486419ab4480266bf2e938564d52bb1cdd70faae09697f695772adf02029",
-    "skills/sector-financial/skill.md": "eec3ce95f36a0f70532aac2f658ad6fb350233dd49c7d95da91144e6c4c4d16c",
-    "skills/sector-federal-government/skill.md": "48c3c019502c8b758598331dbad8a9b121f8dd3dc6fc68bfaf506eba7e3843e5",
-    "skills/sector-energy/skill.md": "875799aa2ad88744b646583fef0a3399abd42a979541dc99bf39825a5ef48ce9",
+    "skills/sector-healthcare/skill.md": "217066e5961fbc3fcd1b5e3df42f299d7aeaf3b5f25e913152836b77f211f96d",
+    "skills/sector-financial/skill.md": "77f6355eb7672f2157bf3d18bfe1d6042efe302468ebddd48ffc385655bf4d10",
+    "skills/sector-federal-government/skill.md": "4b5b2f46c97a1571eecbb1c92ca40ac69a8cafc9f74f39539a08cb539ee65f39",
+    "skills/sector-energy/skill.md": "b3f1a979beab4f22d689ea74c6aa43b7f1b9017a9b2110310adc2af8305fa134",
     "skills/sector-telecom/skill.md": "3489410b0905cbf6b392ea7f7cde35ccd4b03de0d22d2d1b0c671e46d70962c9",
-    "skills/api-security/skill.md": "302f7f6a071b856cc55a4cb5f0bc3f8566e31b5ebca58ca3bd78a91d4b6665ca",
-    "skills/cloud-security/skill.md": "e0574c153aefbb0fc4581c78bc2d708ab7c49d6b5a45a985e51967b8ea740eb9",
-    "skills/container-runtime-security/skill.md": "f06260f0c468d6a4f0409294899017edab45c98d71db1fedd7a630fe6a7bf53a",
-    "skills/mlops-security/skill.md": "e6a296fc67724aa3b026c0039f44867b44cf0926eade4fe616bfd0a4c77310bf",
-    "skills/incident-response-playbook/skill.md": "8ef7ce1246dc1329b6df3cc9de8d79d35e2c02c703dcef20f35b312b1c24fd52",
-    "skills/ransomware-response/skill.md": "603126d81f6c3619f0b2f6d81ea1d6b64f9c8c1296f877ad2e6d802ddab09165",
+    "skills/api-security/skill.md": "75dcb1b9395de2be4ca60e53f900692721b7ef66ded3e510a20d17f35daf982d",
+    "skills/cloud-security/skill.md": "56f0d5d6cf182d347e84baa95a04c39be51e82da3360dac48fcf5d8c4e56a9c3",
+    "skills/container-runtime-security/skill.md": "7e0806b9e13db120f9b65d5f48b33db9f1026c4c2d719838ef0f0c8778ec4365",
+    "skills/mlops-security/skill.md": "cb6871691028f55d59e3efe47be2f1d6bf65fa8c6f3cf301e78d5d119fe3616d",
+    "skills/incident-response-playbook/skill.md": "0695ee43881527459f657a90276748922347f16dd494ae2b98e2a9396c570a44",
+    "skills/ransomware-response/skill.md": "15de039c5679215b7ceb9a55494f614b06fe618aa0f69ce8aff004dc9a841fa4",
     "skills/email-security-anti-phishing/skill.md": "b5a7693b3ddbd6cd83303d092bc5e324db431245d25c4945d9f65fcffa1995e7",
-    "skills/age-gates-child-safety/skill.md": "c741d7dca9da0abb09bdebb8a02e803ce4ae9fb9a6904fb8df3ec19cae83917d",
+    "skills/age-gates-child-safety/skill.md": "66c7f6537077e4e949214ebf3864cb75de0f50f80fa25d25365c6d7fe485dc7a",
     "skills/cloud-iam-incident/skill.md": "10e2af2cf8292f457cd3877bcee37f6ee30c80037a3ef5b367fba25195c7a791",
     "skills/idp-incident-response/skill.md": "3d75d7a0fc5b9a3c584ac5c6510f8b6bd63b7b780488541eb193250ae795b4e2"
   },
@@ -78,7 +78,7 @@
     "handoff_dag_nodes": 42,
     "summary_cards": 42,
     "section_offsets_skills": 42,
-    "token_budget_total_approx": 397485,
+    "token_budget_total_approx": 397777,
     "recipes": 8,
     "jurisdiction_clocks": 29,
     "did_ladders": 8,
@@ -87,7 +87,7 @@
     "frequency_fields": 7,
     "activity_feed_events": 54,
     "catalog_summaries": 11,
-    "stale_content_findings": 3
+    "stale_content_findings": 2
   },
   "invalidation_note": "If any source file in source_hashes has a different SHA-256 than recorded here, the indexes are stale. Re-run `npm run build-indexes`."
 }

package/data/_indexes/activity-feed.json

@@ -301,7 +301,7 @@
       "type": "skill_review",
       "artifact": "ai-attack-surface",
       "path": "skills/ai-attack-surface/skill.md",
-      "note": "Comprehensive AI/ML attack surface assessment mapped to MITRE ATLAS v5.1.0 with gap flags"
+      "note": "Comprehensive AI/ML attack surface assessment mapped to MITRE ATLAS v5.4.0 with gap flags"
     },
     {
       "date": "2026-05-01",

package/data/_indexes/catalog-summaries.json

@@ -7,7 +7,7 @@
   "catalogs": {
     "atlas-ttps.json": {
       "path": "data/atlas-ttps.json",
-      "purpose": "MITRE ATLAS TTPs (AML.T0xxx) cited by skills, with tactic, name, description. Pinned to ATLAS v5.1.0 (November 2025).",
+      "purpose": "MITRE ATLAS TTPs (AML.T0xxx) cited by skills, with tactic, name, description. Pinned to ATLAS v5.4.0 (February 2026).",
       "schema_version": "1.0.0",
       "last_updated": "2026-05-15",
       "tlp": "CLEAR",

package/data/_indexes/recipes.json

@@ -19,7 +19,7 @@
       "steps": [
         {
           "skill": "ai-attack-surface",
-          "why": "Comprehensive attack-surface inventory mapped to ATLAS v5.1.0 with gap flags."
+          "why": "Comprehensive attack-surface inventory mapped to ATLAS v5.4.0 with gap flags."
         },
         {
           "skill": "ai-c2-detection",