@blamejs/exceptd-skills 0.12.33 → 0.12.35

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. package/ARCHITECTURE.md +4 -4
  2. package/CHANGELOG.md +56 -1
  3. package/README.md +7 -7
  4. package/bin/exceptd.js +25 -7
  5. package/data/_indexes/_meta.json +35 -35
  6. package/data/_indexes/activity-feed.json +1 -1
  7. package/data/_indexes/catalog-summaries.json +1 -1
  8. package/data/_indexes/recipes.json +1 -1
  9. package/data/_indexes/section-offsets.json +64 -64
  10. package/data/_indexes/stale-content.json +2 -8
  11. package/data/_indexes/summary-cards.json +1 -1
  12. package/data/_indexes/token-budget.json +14 -14
  13. package/lib/playbook-runner.js +16 -1
  14. package/lib/schemas/skill-frontmatter.schema.json +1 -1
  15. package/manifest-snapshot.json +1 -1
  16. package/manifest-snapshot.sha256 +1 -1
  17. package/manifest.json +79 -79
  18. package/package.json +1 -1
  19. package/sbom.cdx.json +50 -50
  20. package/scripts/builders/catalog-summaries.js +1 -1
  21. package/scripts/builders/recipes.js +1 -1
  22. package/skills/age-gates-child-safety/skill.md +4 -4
  23. package/skills/ai-attack-surface/skill.md +3 -3
  24. package/skills/ai-c2-detection/skill.md +4 -4
  25. package/skills/api-security/skill.md +1 -1
  26. package/skills/attack-surface-pentest/skill.md +3 -3
  27. package/skills/cloud-security/skill.md +2 -2
  28. package/skills/compliance-theater/skill.md +2 -2
  29. package/skills/container-runtime-security/skill.md +2 -2
  30. package/skills/coordinated-vuln-disclosure/skill.md +1 -1
  31. package/skills/dlp-gap-analysis/skill.md +4 -4
  32. package/skills/exploit-scoring/skill.md +1 -1
  33. package/skills/framework-gap-analysis/skill.md +3 -3
  34. package/skills/fuzz-testing-strategy/skill.md +1 -1
  35. package/skills/incident-response-playbook/skill.md +1 -1
  36. package/skills/mcp-agent-trust/skill.md +1 -1
  37. package/skills/mlops-security/skill.md +2 -2
  38. package/skills/ot-ics-security/skill.md +2 -2
  39. package/skills/policy-exception-gen/skill.md +2 -2
  40. package/skills/rag-pipeline-security/skill.md +3 -3
  41. package/skills/ransomware-response/skill.md +1 -1
  42. package/skills/sector-energy/skill.md +2 -2
  43. package/skills/sector-federal-government/skill.md +1 -1
  44. package/skills/sector-financial/skill.md +3 -3
  45. package/skills/sector-healthcare/skill.md +2 -2
  46. package/skills/security-maturity-tiers/skill.md +1 -1
  47. package/skills/skill-update-loop/skill.md +4 -4
  48. package/skills/supply-chain-integrity/skill.md +1 -1
  49. package/skills/threat-model-currency/skill.md +7 -7
  50. package/skills/threat-modeling-methodology/skill.md +1 -1
  51. package/skills/webapp-security/skill.md +1 -1
  52. package/skills/zeroday-gap-learn/skill.md +2 -2
package/data/_indexes/section-offsets.json CHANGED
@@ -150,7 +150,7 @@
150
150
  "h3_count": 0
151
151
  },
152
152
  {
153
- "name": "TTP Mapping (MITRE ATLAS v5.1.0)",
153
+ "name": "TTP Mapping (MITRE ATLAS v5.4.0)",
154
154
  "normalized_name": "ttp-mapping",
155
155
  "line": 166,
156
156
  "byte_start": 13330,
@@ -329,7 +329,7 @@
329
329
  "h3_count": 1
330
330
  },
331
331
  {
332
- "name": "TTP Mapping (MITRE ATLAS v5.1.0 and ATT&CK)",
332
+ "name": "TTP Mapping (MITRE ATLAS v5.4.0 and ATT&CK)",
333
333
  "normalized_name": "ttp-mapping",
334
334
  "line": 70,
335
335
  "byte_start": 5908,
@@ -432,7 +432,7 @@
432
432
  "h3_count": 0
433
433
  },
434
434
  {
435
- "name": "TTP Mapping (MITRE ATLAS v5.1.0 and ATT&CK)",
435
+ "name": "TTP Mapping (MITRE ATLAS v5.4.0 and ATT&CK)",
436
436
  "normalized_name": "ttp-mapping",
437
437
  "line": 73,
438
438
  "byte_start": 7766,
@@ -674,7 +674,7 @@
674
674
  "h3_count": 0
675
675
  },
676
676
  {
677
- "name": "TTP Mapping (MITRE ATLAS v5.1.0)",
677
+ "name": "TTP Mapping (MITRE ATLAS v5.4.0)",
678
678
  "normalized_name": "ttp-mapping",
679
679
  "line": 183,
680
680
  "byte_start": 12490,
@@ -795,7 +795,7 @@
795
795
  "h3_count": 2
796
796
  },
797
797
  {
798
- "name": "TTP Mapping (MITRE ATLAS v5.1.0 + MITRE ATT&CK)",
798
+ "name": "TTP Mapping (MITRE ATLAS v5.4.0 + MITRE ATT&CK)",
799
799
  "normalized_name": "ttp-mapping",
800
800
  "line": 324,
801
801
  "byte_start": 14009,
@@ -898,7 +898,7 @@
898
898
  "h3_count": 0
899
899
  },
900
900
  {
901
- "name": "TTP Mapping (MITRE ATLAS v5.1.0 and ATT&CK)",
901
+ "name": "TTP Mapping (MITRE ATLAS v5.4.0 and ATT&CK)",
902
902
  "normalized_name": "ttp-mapping",
903
903
  "line": 83,
904
904
  "byte_start": 6689,
@@ -1812,7 +1812,7 @@
1812
1812
  "h3_count": 0
1813
1813
  },
1814
1814
  {
1815
- "name": "TTP Mapping (MITRE ATLAS v5.1.0 + MITRE ATT&CK v17)",
1815
+ "name": "TTP Mapping (MITRE ATLAS v5.4.0 + MITRE ATT&CK v17)",
1816
1816
  "normalized_name": "ttp-mapping",
1817
1817
  "line": 124,
1818
1818
  "byte_start": 10961,
@@ -1897,7 +1897,7 @@
1897
1897
  "h3_count": 0
1898
1898
  },
1899
1899
  {
1900
- "name": "TTP Mapping (MITRE ATLAS v5.1.0 + MITRE ATT&CK Enterprise)",
1900
+ "name": "TTP Mapping (MITRE ATLAS v5.4.0 + MITRE ATT&CK Enterprise)",
1901
1901
  "normalized_name": "ttp-mapping",
1902
1902
  "line": 90,
1903
1903
  "byte_start": 9741,
@@ -1982,7 +1982,7 @@
1982
1982
  "h3_count": 1
1983
1983
  },
1984
1984
  {
1985
- "name": "TTP Mapping (MITRE ATLAS v5.1.0 + MITRE ATT&CK)",
1985
+ "name": "TTP Mapping (MITRE ATLAS v5.4.0 + MITRE ATT&CK)",
1986
1986
  "normalized_name": "ttp-mapping",
1987
1987
  "line": 128,
1988
1988
  "byte_start": 15001,
@@ -2622,7 +2622,7 @@
2622
2622
  "h3_count": 0
2623
2623
  },
2624
2624
  {
2625
- "name": "TTP Mapping (MITRE ATT&CK Enterprise + ATLAS v5.1.0)",
2625
+ "name": "TTP Mapping (MITRE ATT&CK Enterprise + ATLAS v5.4.0)",
2626
2626
  "normalized_name": "ttp-mapping",
2627
2627
  "line": 112,
2628
2628
  "byte_start": 8673,
@@ -3073,21 +3073,21 @@
3073
3073
  },
3074
3074
  "sector-energy": {
3075
3075
  "path": "skills/sector-energy/skill.md",
3076
- "total_bytes": 53837,
3076
+ "total_bytes": 54006,
3077
3077
  "total_lines": 413,
3078
3078
  "frontmatter": {
3079
3079
  "line_start": 1,
3080
3080
  "line_end": 64,
3081
3081
  "byte_start": 0,
3082
- "byte_end": 2378
3082
+ "byte_end": 2547
3083
3083
  },
3084
3084
  "sections": [
3085
3085
  {
3086
3086
  "name": "Threat Context (mid-2026)",
3087
3087
  "normalized_name": "threat-context",
3088
3088
  "line": 70,
3089
- "byte_start": 3114,
3090
- "byte_end": 8467,
3089
+ "byte_start": 3283,
3090
+ "byte_end": 8636,
3091
3091
  "bytes": 5353,
3092
3092
  "h3_count": 0
3093
3093
  },
@@ -3095,8 +3095,8 @@
3095
3095
  "name": "Framework Lag Declaration",
3096
3096
  "normalized_name": "framework-lag-declaration",
3097
3097
  "line": 96,
3098
- "byte_start": 8467,
3099
- "byte_end": 16804,
3098
+ "byte_start": 8636,
3099
+ "byte_end": 16973,
3100
3100
  "bytes": 8337,
3101
3101
  "h3_count": 0
3102
3102
  },
@@ -3104,8 +3104,8 @@
3104
3104
  "name": "TTP Mapping",
3105
3105
  "normalized_name": "ttp-mapping",
3106
3106
  "line": 121,
3107
- "byte_start": 16804,
3108
- "byte_end": 23180,
3107
+ "byte_start": 16973,
3108
+ "byte_end": 23349,
3109
3109
  "bytes": 6376,
3110
3110
  "h3_count": 0
3111
3111
  },
@@ -3113,8 +3113,8 @@
3113
3113
  "name": "Exploit Availability Matrix",
3114
3114
  "normalized_name": "exploit-availability-matrix",
3115
3115
  "line": 147,
3116
- "byte_start": 23180,
3117
- "byte_end": 27186,
3116
+ "byte_start": 23349,
3117
+ "byte_end": 27355,
3118
3118
  "bytes": 4006,
3119
3119
  "h3_count": 0
3120
3120
  },
@@ -3122,8 +3122,8 @@
3122
3122
  "name": "Analysis Procedure",
3123
3123
  "normalized_name": "analysis-procedure",
3124
3124
  "line": 165,
3125
- "byte_start": 27186,
3126
- "byte_end": 38132,
3125
+ "byte_start": 27355,
3126
+ "byte_end": 38301,
3127
3127
  "bytes": 10946,
3128
3128
  "h3_count": 13
3129
3129
  },
@@ -3131,8 +3131,8 @@
3131
3131
  "name": "Output Format",
3132
3132
  "normalized_name": "output-format",
3133
3133
  "line": 277,
3134
- "byte_start": 38132,
3135
- "byte_end": 40920,
3134
+ "byte_start": 38301,
3135
+ "byte_end": 41089,
3136
3136
  "bytes": 2788,
3137
3137
  "h3_count": 13
3138
3138
  },
@@ -3140,8 +3140,8 @@
3140
3140
  "name": "Compliance Theater Check",
3141
3141
  "normalized_name": "compliance-theater-check",
3142
3142
  "line": 342,
3143
- "byte_start": 40920,
3144
- "byte_end": 45911,
3143
+ "byte_start": 41089,
3144
+ "byte_end": 46080,
3145
3145
  "bytes": 4991,
3146
3146
  "h3_count": 0
3147
3147
  },
@@ -3149,8 +3149,8 @@
3149
3149
  "name": "Defensive Countermeasure Mapping",
3150
3150
  "normalized_name": "defensive-countermeasure-mapping",
3151
3151
  "line": 380,
3152
- "byte_start": 45911,
3153
- "byte_end": 50462,
3152
+ "byte_start": 46080,
3153
+ "byte_end": 50631,
3154
3154
  "bytes": 4551,
3155
3155
  "h3_count": 0
3156
3156
  },
@@ -3158,8 +3158,8 @@
3158
3158
  "name": "Hand-Off / Related Skills",
3159
3159
  "normalized_name": "hand-off",
3160
3160
  "line": 396,
3161
- "byte_start": 50462,
3162
- "byte_end": 53837,
3161
+ "byte_start": 50631,
3162
+ "byte_end": 54006,
3163
3163
  "bytes": 3375,
3164
3164
  "h3_count": 0
3165
3165
  }
@@ -3289,7 +3289,7 @@
3289
3289
  "h3_count": 0
3290
3290
  },
3291
3291
  {
3292
- "name": "TTP Mapping (MITRE ATT&CK Enterprise + ATLAS v5.1.0)",
3292
+ "name": "TTP Mapping (MITRE ATT&CK Enterprise + ATLAS v5.4.0)",
3293
3293
  "normalized_name": "ttp-mapping",
3294
3294
  "line": 124,
3295
3295
  "byte_start": 10439,
@@ -3543,21 +3543,21 @@
3543
3543
  },
3544
3544
  "mlops-security": {
3545
3545
  "path": "skills/mlops-security/skill.md",
3546
- "total_bytes": 45173,
3546
+ "total_bytes": 45439,
3547
3547
  "total_lines": 330,
3548
3548
  "frontmatter": {
3549
3549
  "line_start": 1,
3550
3550
  "line_end": 66,
3551
3551
  "byte_start": 0,
3552
- "byte_end": 2132
3552
+ "byte_end": 2398
3553
3553
  },
3554
3554
  "sections": [
3555
3555
  {
3556
3556
  "name": "Threat Context (mid-2026)",
3557
3557
  "normalized_name": "threat-context",
3558
3558
  "line": 70,
3559
- "byte_start": 2171,
3560
- "byte_end": 8001,
3559
+ "byte_start": 2437,
3560
+ "byte_end": 8267,
3561
3561
  "bytes": 5830,
3562
3562
  "h3_count": 0
3563
3563
  },
@@ -3565,8 +3565,8 @@
3565
3565
  "name": "Framework Lag Declaration",
3566
3566
  "normalized_name": "framework-lag-declaration",
3567
3567
  "line": 88,
3568
- "byte_start": 8001,
3569
- "byte_end": 13783,
3568
+ "byte_start": 8267,
3569
+ "byte_end": 14049,
3570
3570
  "bytes": 5782,
3571
3571
  "h3_count": 0
3572
3572
  },
@@ -3574,8 +3574,8 @@
3574
3574
  "name": "TTP Mapping",
3575
3575
  "normalized_name": "ttp-mapping",
3576
3576
  "line": 112,
3577
- "byte_start": 13783,
3578
- "byte_end": 18159,
3577
+ "byte_start": 14049,
3578
+ "byte_end": 18425,
3579
3579
  "bytes": 4376,
3580
3580
  "h3_count": 0
3581
3581
  },
@@ -3583,8 +3583,8 @@
3583
3583
  "name": "Exploit Availability Matrix",
3584
3584
  "normalized_name": "exploit-availability-matrix",
3585
3585
  "line": 137,
3586
- "byte_start": 18159,
3587
- "byte_end": 23645,
3586
+ "byte_start": 18425,
3587
+ "byte_end": 23911,
3588
3588
  "bytes": 5486,
3589
3589
  "h3_count": 0
3590
3590
  },
@@ -3592,8 +3592,8 @@
3592
3592
  "name": "Analysis Procedure",
3593
3593
  "normalized_name": "analysis-procedure",
3594
3594
  "line": 163,
3595
- "byte_start": 23645,
3596
- "byte_end": 32714,
3595
+ "byte_start": 23911,
3596
+ "byte_end": 32980,
3597
3597
  "bytes": 9069,
3598
3598
  "h3_count": 4
3599
3599
  },
@@ -3601,8 +3601,8 @@
3601
3601
  "name": "Output Format",
3602
3602
  "normalized_name": "output-format",
3603
3603
  "line": 228,
3604
- "byte_start": 32714,
3605
- "byte_end": 35392,
3604
+ "byte_start": 32980,
3605
+ "byte_end": 35658,
3606
3606
  "bytes": 2678,
3607
3607
  "h3_count": 10
3608
3608
  },
@@ -3610,8 +3610,8 @@
3610
3610
  "name": "Compliance Theater Check",
3611
3611
  "normalized_name": "compliance-theater-check",
3612
3612
  "line": 281,
3613
- "byte_start": 35392,
3614
- "byte_end": 38323,
3613
+ "byte_start": 35658,
3614
+ "byte_end": 38589,
3615
3615
  "bytes": 2931,
3616
3616
  "h3_count": 0
3617
3617
  },
@@ -3619,8 +3619,8 @@
3619
3619
  "name": "Defensive Countermeasure Mapping",
3620
3620
  "normalized_name": "defensive-countermeasure-mapping",
3621
3621
  "line": 297,
3622
- "byte_start": 38323,
3623
- "byte_end": 42243,
3622
+ "byte_start": 38589,
3623
+ "byte_end": 42509,
3624
3624
  "bytes": 3920,
3625
3625
  "h3_count": 0
3626
3626
  },
@@ -3628,8 +3628,8 @@
3628
3628
  "name": "Hand-Off / Related Skills",
3629
3629
  "normalized_name": "hand-off",
3630
3630
  "line": 317,
3631
- "byte_start": 42243,
3632
- "byte_end": 45173,
3631
+ "byte_start": 42509,
3632
+ "byte_end": 45439,
3633
3633
  "bytes": 2930,
3634
3634
  "h3_count": 0
3635
3635
  }
@@ -3919,7 +3919,7 @@
3919
3919
  },
3920
3920
  "age-gates-child-safety": {
3921
3921
  "path": "skills/age-gates-child-safety/skill.md",
3922
- "total_bytes": 68916,
3922
+ "total_bytes": 69650,
3923
3923
  "total_lines": 460,
3924
3924
  "frontmatter": {
3925
3925
  "line_start": 1,
@@ -3960,16 +3960,16 @@
3960
3960
  "normalized_name": "exploit-availability-matrix",
3961
3961
  "line": 144,
3962
3962
  "byte_start": 27288,
3963
- "byte_end": 34620,
3964
- "bytes": 7332,
3963
+ "byte_end": 35354,
3964
+ "bytes": 8066,
3965
3965
  "h3_count": 0
3966
3966
  },
3967
3967
  {
3968
3968
  "name": "Analysis Procedure",
3969
3969
  "normalized_name": "analysis-procedure",
3970
3970
  "line": 167,
3971
- "byte_start": 34620,
3972
- "byte_end": 48753,
3971
+ "byte_start": 35354,
3972
+ "byte_end": 49487,
3973
3973
  "bytes": 14133,
3974
3974
  "h3_count": 4
3975
3975
  },
@@ -3977,8 +3977,8 @@
3977
3977
  "name": "Output Format",
3978
3978
  "normalized_name": "output-format",
3979
3979
  "line": 291,
3980
- "byte_start": 48753,
3981
- "byte_end": 53356,
3980
+ "byte_start": 49487,
3981
+ "byte_end": 54090,
3982
3982
  "bytes": 4603,
3983
3983
  "h3_count": 14
3984
3984
  },
@@ -3986,8 +3986,8 @@
3986
3986
  "name": "Compliance Theater Check",
3987
3987
  "normalized_name": "compliance-theater-check",
3988
3988
  "line": 372,
3989
- "byte_start": 53356,
3990
- "byte_end": 59441,
3989
+ "byte_start": 54090,
3990
+ "byte_end": 60175,
3991
3991
  "bytes": 6085,
3992
3992
  "h3_count": 0
3993
3993
  },
@@ -3995,8 +3995,8 @@
3995
3995
  "name": "Defensive Countermeasure Mapping",
3996
3996
  "normalized_name": "defensive-countermeasure-mapping",
3997
3997
  "line": 422,
3998
- "byte_start": 59441,
3999
- "byte_end": 64583,
3998
+ "byte_start": 60175,
3999
+ "byte_end": 65317,
4000
4000
  "bytes": 5142,
4001
4001
  "h3_count": 0
4002
4002
  },
@@ -4004,8 +4004,8 @@
4004
4004
  "name": "Hand-Off / Related Skills",
4005
4005
  "normalized_name": "hand-off",
4006
4006
  "line": 442,
4007
- "byte_start": 64583,
4008
- "byte_end": 68916,
4007
+ "byte_start": 65317,
4008
+ "byte_end": 69650,
4009
4009
  "bytes": 4333,
4010
4010
  "h3_count": 0
4011
4011
  }
package/data/_indexes/stale-content.json CHANGED
@@ -3,20 +3,14 @@
3
3
  "schema_version": "1.0.0",
4
4
  "reference_date": "2026-05-15",
5
5
  "note": "Stale-content snapshot derived from audit-cross-skill checks. Re-runs of build-indexes against the same inputs produce byte-identical output (reference_date is manifest.threat_review_date, not 'now'). audit-cross-skill.js remains the canonical interactive audit.",
6
- "finding_count": 3,
6
+ "finding_count": 2,
7
7
  "by_severity": {
8
8
  "high": 0,
9
- "medium": 3,
9
+ "medium": 2,
10
10
  "low": 0
11
11
  }
12
12
  },
13
13
  "findings": [
14
- {
15
- "severity": "medium",
16
- "category": "badge_drift",
17
- "artifact": "README.md",
18
- "detail": "skills badge shows 38, manifest has 42"
19
- },
20
14
  {
21
15
  "severity": "medium",
22
16
  "category": "badge_drift",
package/data/_indexes/summary-cards.json CHANGED
@@ -60,7 +60,7 @@
60
60
  ]
61
61
  },
62
62
  "ai-attack-surface": {
63
- "description": "Comprehensive AI/ML attack surface assessment mapped to MITRE ATLAS v5.1.0 with gap flags",
63
+ "description": "Comprehensive AI/ML attack surface assessment mapped to MITRE ATLAS v5.4.0 with gap flags",
64
64
  "threat_context_excerpt": "The AI attack surface is not speculative. It is actively exploited. The following are confirmed, documented threats as of mid-2026.",
65
65
  "produces": "```\n## AI Attack Surface Assessment\n\n**Assessment Date:** YYYY-MM-DD\n**Scope:** [systems/applications assessed]\n\n### Surface Inventory\n| Component | Type | External Input | Tool Use | Risk Level |\n|-----------|------|---------------|----------|------------|\n| [name] | [LLM app / MCP server / coding assistant] | [Yes/No] | [Yes/No] | [Critical/High/Medium/Low] |\n\n### Prompt Injection Exposure\n[Per component: injection surface score, current defenses, estimated bypass rate, recommended controls]\n\n### MCP Trust Assessment\n[Per installed MCP server: signed/unsigned, allowlist status, auth status, ...",
66
66
  "key_xrefs": {
package/data/_indexes/token-budget.json CHANGED
@@ -3,8 +3,8 @@
3
3
  "schema_version": "1.0.0",
4
4
  "tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
5
5
  "approx_chars_per_token": 4,
6
- "total_chars": 1589917,
7
- "total_approx_tokens": 397485,
6
+ "total_chars": 1591081,
7
+ "total_approx_tokens": 397777,
8
8
  "skill_count": 42
9
9
  },
10
10
  "skills": {
@@ -1790,10 +1790,10 @@
1790
1790
  },
1791
1791
  "sector-energy": {
1792
1792
  "path": "skills/sector-energy/skill.md",
1793
- "bytes": 53837,
1794
- "chars": 53631,
1793
+ "bytes": 54006,
1794
+ "chars": 53798,
1795
1795
  "lines": 413,
1796
- "approx_tokens": 13408,
1796
+ "approx_tokens": 13450,
1797
1797
  "approx_chars_per_token": 4,
1798
1798
  "sections": {
1799
1799
  "threat-context": {
@@ -2065,10 +2065,10 @@
2065
2065
  },
2066
2066
  "mlops-security": {
2067
2067
  "path": "skills/mlops-security/skill.md",
2068
- "bytes": 45173,
2069
- "chars": 44881,
2068
+ "bytes": 45439,
2069
+ "chars": 45147,
2070
2070
  "lines": 330,
2071
- "approx_tokens": 11220,
2071
+ "approx_tokens": 11287,
2072
2072
  "approx_chars_per_token": 4,
2073
2073
  "sections": {
2074
2074
  "threat-context": {
@@ -2285,10 +2285,10 @@
2285
2285
  },
2286
2286
  "age-gates-child-safety": {
2287
2287
  "path": "skills/age-gates-child-safety/skill.md",
2288
- "bytes": 68916,
2289
- "chars": 68631,
2288
+ "bytes": 69650,
2289
+ "chars": 69362,
2290
2290
  "lines": 460,
2291
- "approx_tokens": 17158,
2291
+ "approx_tokens": 17341,
2292
2292
  "approx_chars_per_token": 4,
2293
2293
  "sections": {
2294
2294
  "threat-context": {
@@ -2307,9 +2307,9 @@
2307
2307
  "approx_tokens": 827
2308
2308
  },
2309
2309
  "exploit-availability-matrix": {
2310
- "bytes": 7332,
2311
- "chars": 7304,
2312
- "approx_tokens": 1826
2310
+ "bytes": 8066,
2311
+ "chars": 8035,
2312
+ "approx_tokens": 2009
2313
2313
  },
2314
2314
  "analysis-procedure": {
2315
2315
  "bytes": 14133,
package/lib/playbook-runner.js CHANGED
@@ -2928,7 +2928,22 @@ function normalizeSubmission(submission, playbook) {
2928
2928
 
2929
2929
  // Carry over precondition_checks if the operator supplied them at the top
2930
2930
  // level even in the flat shape.
2931
- if (submission.precondition_checks) Object.assign(out.precondition_checks, submission.precondition_checks);
2931
+ //
2932
+ // v0.12.35 (cycle 15 security F2): the prior `Object.assign(out.precondition_checks,
2933
+ // submission.precondition_checks)` form re-invoked the `__proto__` setter when
2934
+ // the operator submitted JSON containing a `__proto__` key. JSON.parse keeps
2935
+ // `__proto__` as an own data property (CreateDataProperty), but Object.assign
2936
+ // reads it via `[[Get]]` and writes via `[[Set]]`, which DOES trigger the
2937
+ // prototype-rebinding setter. The polluted prototype is confined to
2938
+ // `out.precondition_checks` (not global Object.prototype), but any future code
2939
+ // path that calls `.hasOwnProperty()` directly on the bag would observe the
2940
+ // pollution. Switch to own-key iteration so the prototype stays unmodified.
2941
+ if (submission.precondition_checks) {
2942
+ for (const k of Object.keys(submission.precondition_checks)) {
2943
+ if (k === '__proto__' || k === 'constructor' || k === 'prototype') continue;
2944
+ out.precondition_checks[k] = submission.precondition_checks[k];
2945
+ }
2946
+ }
2932
2947
 
2933
2948
  return out;
2934
2949
  }
package/lib/schemas/skill-frontmatter.schema.json CHANGED
@@ -52,7 +52,7 @@
52
52
  "type": "string",
53
53
  "pattern": "^AML\\.T[0-9]{4}(\\.[0-9]{3})?$"
54
54
  },
55
- "description": "MITRE ATLAS TTP IDs at the pinned version (currently v5.1.0)."
55
+ "description": "MITRE ATLAS TTP IDs at the pinned version (currently v5.4.0)."
56
56
  },
57
57
  "attack_refs": {
58
58
  "type": "array",
package/manifest-snapshot.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "_comment": "Auto-generated by scripts/refresh-manifest-snapshot.js — do not hand-edit. Public skill surface used by check-manifest-snapshot.js to detect breaking removals.",
3
- "_generated_at": "2026-05-16T04:39:41.122Z",
3
+ "_generated_at": "2026-05-16T06:43:11.506Z",
4
4
  "atlas_version": "5.4.0",
5
5
  "skill_count": 42,
6
6
  "skills": [
package/manifest-snapshot.sha256 CHANGED
@@ -1 +1 @@
1
- 390cd070a918bbdb2e6656f60b6c85d47497d8ea6ef47e64a15a4e6d2d3d7dca manifest-snapshot.json
1
+ 522ab669449a14d4298eb7a8f31e5fd7662cd7a5867d248b217080648308f7b8 manifest-snapshot.json