npm - @blamejs/exceptd-skills - Versions diffs - 0.12.36 → 0.12.38 - Mend

@blamejs/exceptd-skills 0.12.36 → 0.12.38

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/CHANGELOG.md +49 -0
package/README.md +7 -0
package/bin/exceptd.js +102 -4
package/data/_indexes/_meta.json +9 -9
package/data/_indexes/section-offsets.json +37 -37
package/data/_indexes/token-budget.json +20 -20
package/data/cve-catalog.json +4 -1
package/manifest-snapshot.json +1 -1
package/manifest-snapshot.sha256 +1 -1
package/manifest.json +49 -49
package/package.json +1 -1
package/sbom.cdx.json +20 -20
package/skills/cloud-iam-incident/skill.md +1 -1
package/skills/ot-ics-security/skill.md +2 -2
package/skills/sector-energy/skill.md +2 -2
package/skills/sector-federal-government/skill.md +1 -1
package/skills/supply-chain-integrity/skill.md +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,54 @@
 # Changelog
+## 0.12.38 — 2026-05-16
+Cycle 18 security fix + state refresh. The P1 closes a multi-tenant attestation-file-mode gap; cycle 18 A inventoried the full v0.13.0 readiness list (60 items, 11-15 days) for the next minor bump.
+### Security
+**Attestation files now write at mode 0o600 (owner-read/write only).** Pre-fix `~/.exceptd/attestations/<tag>/<sid>/attestation.json` was written with the umask-derived mode — typically 0o644 (group/world-readable) on Linux/macOS. On multi-tenant shared hosts a different user account could read the operator's evidence submission, jurisdiction obligations, and consent records. Both the primary `persistAttestation` write site and the `reattest` replay-record write site now use `fs.writeFileSync(..., { mode: 0o600 })` plus the existing `restrictWindowsAcl` helper from `lib/sign.js` for Windows ACL inheritance stripping. New `tests/attestation-mode-0600.test.js` pins the contract on POSIX hosts (skipped on Windows where ACLs are the surface, not mode bits).
+### Bugs
+**`EXCEPTD_HOME` now documented in README.** Cycle 18 B finding: the env-var override was only mentioned in an inline `attest list` help string. Multi-tenant operators had no way to discover it without grepping the binary. README's flag-reference section now cross-references the env-var path.
+**MAL-2026-NODE-IPC-STEALER `remediation_status: removed_from_registry`.** Cycle 18 C verified npm removed the 3 malicious versions (9.1.6, 9.2.3, 12.0.1) within ~2 hours of publication on 2026-05-14. Catalog now surfaces the registry-cleanup state so operators upgrading to a clean version know they're not racing the active-in-registry phase. The expired-domain TTP class (per `NEW-CTRL-047` in zeroday-lessons) still applies — domain-expiry monitoring is the durable control, not the npm-side cleanup.
+**CVE-2026-42897 (Exchange OWA) `patch_available: false` regression-tested.** Verified Microsoft has not shipped a binary security update; Exchange Emergency Mitigation Service Mitigation M2 is still the only remediation. Catalog truth aligned with current vendor state.
+### Internal
+- Cycle 18 audit dispatched 3 read-only agents (v0.13.0 readiness, attestation persistence, 24h CVE intake). All 3 returned.
+- Cycle 18 A v0.13.0 readiness inventory: 60 items total — 5 `will hard-fail in v0.13.0` markers + 17 legacy verbs to remove + 20 draft CVEs + 13 unresolved xrefs + 3 informational→required gate flips + 2 schema deprecations. Total effort 11-15 days for a single-maintainer minor bump. Detailed list in audit transcript.
+- Cycle 18 B P1 F1 (submission redaction) and F3 (git remote URL in attestation root path) deferred to v0.13 — both are larger schema-or-behavior changes that need design before implementation.
+- 4 new tests in `tests/attestation-mode-0600.test.js` (1 skipped on Windows). Test count 1145 → 1149. 14/14 predeploy gates green.
+## 0.12.37 — 2026-05-16
+Cycle 17 UX + cross-skill consistency pass. Two CLI UX gaps closed (empty-stdin nudge, did-you-mean for typos), one operator-misleading factual error fixed in 3 skills (CVE-2024-3094 claim drift), and one cosmetic naming inconsistency cleaned up.
+### Bugs
+**`--evidence -` empty-stdin nudge.** Cycle 15 + cycle 17 audits both flagged this: when an operator pipes nothing to `--evidence -`, the runner silently treated it as `{}` and proceeded with a "successful" run on no evidence. Pre-fix the only signal was a deterministic `evidence_hash: 572a0e...` that meant nothing to a first-time operator. Now stderr emits an informational note pointing at `exceptd brief <playbook>` for the expected evidence shape; the run still proceeds (legitimate posture-only-walk use case preserved) but the operator at least sees the empty-stdin signal.
+**Did-you-mean for unknown verbs.** Pre-fix `exceptd discoer` exited 10 with the generic "Run `exceptd help`" hint. Now the dispatcher runs a Levenshtein-1 check against the union of `COMMANDS` + `PLAYBOOK_VERBS` + `ORCHESTRATOR_PASSTHROUGH` (includes transposition detection so `disocver` → `discover`). Suggestion surfaces in both the human hint string and a new `did_you_mean[]` JSON field for tooling consumers. Distance >1 still returns the generic hint with `did_you_mean: []` — no false-positive flood.
+**CVE-2024-3094 (xz-utils) operator-misleading claims.** Cycle 17 audit A surfaced 3 skill bodies that contradicted each other and the catalog:
+- `supply-chain-integrity` skill said "not in current `data/cve-catalog.json` — pre-scope incident" — false, the entry has been in the catalog with RWEP 70.
+- `sector-federal-government` skill same wording — false.
+- `cloud-iam-incident` skill table row quoted RWEP 95 / `ai_discovered: Partially` / `active_exploitation: Confirmed` — catalog says RWEP 70 / `ai_discovered: false` / `active_exploitation: suspected`.
+All 3 corrected to match catalog ground truth (RWEP 70, KEV 2024-04-03, `active_exploitation: suspected`, `ai_discovered: false`). Operator running `exceptd dispatch` against an xz-affected estate now gets one consistent story across all 3 skills.
+**Volt Typhoon hyphenation drift.** `ot-ics-security` and `sector-energy` used `Volt-Typhoon-aligned` / `Volt-Typhoon-style`; the rest of the catalog uses unhyphenated `Volt Typhoon`. Standardized to the unhyphenated form. New regression test refuses any future re-introduction of the hyphenated form in any skill body.
+### Internal
+- 3 cycle 17 audit agents dispatched (cross-skill consistency, data_deps integrity, error-path UX). All 3 returned successfully — first cycle since 14 without rate-limit issues.
+- Cycle 17 B (data_deps integrity) surfaced 35 skills declaring incomplete `data_deps` arrays vs body content references. Investigation found `data_deps` is only consumed by `lib/lint-skills.js` for file-existence validation, not by the runner for preload gating (all catalogs load on-demand via `lib/cross-ref-api.js` mtime-keyed cache). Cosmetic correctness issue; deferred to v0.13 bulk-fix when the schema's purpose can be clarified.
+- 8 new tests in `tests/cycle17-ux-fixes.test.js`. Test count 1136 → 1144. 14/14 predeploy gates green.
 ## 0.12.36 — 2026-05-16
 Hard Rule forcing-function coverage pass. Three of the eight AGENTS.md Hard Rules had no binding test — they were policy-only and easy to violate in future PRs without CI catching it. v0.12.36 closes those gaps and adds a cross-format bundle consistency contract.

package/README.md CHANGED Viewed

@@ -233,6 +233,13 @@ exceptd run [playbook]                Phases 4-7. Auto-detects cwd context when
   --force-overwrite                   Override session collision refusal.
   --session-key <hex>                 HMAC sign evidence_package (≥ 16 hex chars).
   --attestation-root <path>           Override ~/.exceptd/attestations/ root.
+                                      Alternative: set EXCEPTD_HOME=<dir>
+                                      env var (attestations land in
+                                      $EXCEPTD_HOME/attestations/). Useful for
+                                      multi-tenant shared hosts where each
+                                      operator wants a private attestation
+                                      root, or for CI runners that should
+                                      scope attestations to the job workspace.
   --explain                           Dry-run: preconditions + artifacts +
                                       signal keys + submission skeleton.
   --signal-list                       Lighter than --explain; enumerate signal

package/bin/exceptd.js CHANGED Viewed

@@ -160,6 +160,49 @@ const ORCHESTRATOR_PASSTHROUGH = new Set([
   "framework-gap", "framework-gap-analysis",
 ]);
+// Cycle 17 P2 S13 (v0.12.37): Levenshtein-1 did-you-mean for unknown verbs.
+// Catches common single-char / transposition typos against the COMMANDS
+// table without false-positive flood: only suggests verbs within distance
+// 1 (one insert / delete / substitute / transpose). For typed-distance 2+
+// the operator probably mistyped intent and `exceptd help` is the right
+// route. The function is exported via the closure into the dispatch
+// site; no module.exports — bin/exceptd.js is the CLI entry, not a library.
+function levenshtein1(a, b) {
+  if (a === b) return 0;
+  const la = a.length, lb = b.length;
+  if (Math.abs(la - lb) > 1) return 2; // short-circuit: can't be ≤ 1
+  // single-edit distance check, early-out at first 2nd mismatch
+  let i = 0, j = 0, edits = 0;
+  while (i < la && j < lb) {
+    if (a.charCodeAt(i) !== b.charCodeAt(j)) {
+      if (++edits > 1) return 2;
+      // adjacent-swap transposition (e.g. "discoer" ↔ "discover") counts
+      // as a single edit operationally, even though pure-Levenshtein
+      // distance would be 2. Detect + treat as 1.
+      if (la === lb && i + 1 < la && j + 1 < lb
+          && a.charCodeAt(i) === b.charCodeAt(j + 1)
+          && a.charCodeAt(i + 1) === b.charCodeAt(j)) {
+        i += 2; j += 2;
+        continue;
+      }
+      if (la > lb) i++;
+      else if (la < lb) j++;
+      else { i++; j++; }
+    } else { i++; j++; }
+  }
+  edits += (la - i) + (lb - j);
+  return edits <= 1 ? edits : 2;
+}
+function suggestVerb(cmd, known) {
+  if (!cmd || typeof cmd !== 'string') return [];
+  const matches = [];
+  for (const v of known) {
+    if (levenshtein1(cmd, v) <= 1) matches.push(v);
+  }
+  return matches.sort();
+}
 // Seven-phase playbook verbs handled in-process (no subprocess dispatch).
 // v0.11.0 introduces: brief (collapses plan/govern/direct/look), discover (scan + dispatch),
 // doctor (currency + verify + validate-cves + validate-rfcs), ci (CI gate),
@@ -549,7 +592,30 @@ function main() {
     // so the stderr JSON drains before teardown; promote the exit code to
     // UNKNOWN_COMMAND (10) afterwards. Cycle 9 split this away from
     // DETECTED_ESCALATE (2) — the two semantics had collided since v0.12.24.
-    emitError(`unknown command "${cmd}"`, { hint: "Run `exceptd help` for the list of verbs.", verb: cmd });
+    //
+    // Cycle 17 P2 S13 (v0.12.37): add a did-you-mean suggestion when the
+    // unknown verb is within Levenshtein-1 of a real verb (catches the
+    // common single-char typos: `discoer` → `discover`, `attst` → `attest`,
+    // `valdiate-cves` → `validate-cves`).
+    // Union of every verb the dispatcher knows: standalone COMMANDS (scan,
+    // currency, build-indexes, etc.), in-process PLAYBOOK_VERBS (run, ci,
+    // discover, attest, ...), and ORCHESTRATOR_PASSTHROUGH. Strip the
+    // flag-aliases (--version/-v/--help/-h) which already get caught above
+    // the dispatch path. De-dup via Set — these collections deliberately
+    // overlap (scan/dispatch/etc appear in both COMMANDS and
+    // ORCHESTRATOR_PASSTHROUGH) and a naive union would surface duplicate
+    // suggestions like `did_you_mean: ["scan", "scan"]`. (codex P2,
+    // v0.12.37 follow-up.)
+    const known = [...new Set([
+      ...Object.keys(COMMANDS),
+      ...PLAYBOOK_VERBS,
+      ...ORCHESTRATOR_PASSTHROUGH,
+    ])].filter((v) => v && !v.startsWith('-'));
+    const dym = suggestVerb(cmd, known);
+    const hint = dym.length > 0
+      ? `Did you mean \`${dym.join("` or `")}\`? Run \`exceptd help\` for the full verb list.`
+      : "Run `exceptd help` for the list of verbs.";
+    emitError(`unknown command "${cmd}"`, { hint, verb: cmd, did_you_mean: dym });
     process.exitCode = EXIT_CODES.UNKNOWN_COMMAND;
     return;
   }
@@ -757,7 +823,22 @@ function readEvidence(evidenceFlag) {
       chunks.push(Buffer.from(buf.subarray(0, n)));
     }
     const text = Buffer.concat(chunks).toString("utf8");
-    if (!text.trim()) return {};
+    if (!text.trim()) {
+      // Cycle 17 P1 S4 (v0.12.37): pre-fix empty stdin silently became {}
+      // — operator got a "successful" run on no evidence with no warning,
+      // and the evidence_hash for `{}` is deterministic so subsequent
+      // runs didn't even reveal the mistake. Emit a stderr nudge so the
+      // operator at least sees that stdin was empty when they almost
+      // certainly meant to pipe something. Don't change exit semantics;
+      // the empty-payload path is still legitimately useful for posture-
+      // only playbooks (govern + direct + look-only walks).
+      process.stderr.write(
+        `[exceptd] note: --evidence - read 0 bytes from stdin. Treating as empty evidence {}. ` +
+        `If you meant to pipe a submission, run \`exceptd brief <playbook>\` to see the expected shape; ` +
+        `if you wanted a posture-only walk, this message is informational and the run will proceed.\n`,
+      );
+      return {};
+    }
     return JSON.parse(text);
   }
   let stat;
@@ -3574,7 +3655,18 @@ function persistAttestation(args) {
       // between existsSync and writeFileSync. Two concurrent run-with-same-
       // session-id invocations now produce one winner + one EEXIST loser,
       // not silent last-write-wins.
-      fs.writeFileSync(filePath, JSON.stringify(attestation, null, 2), { flag });
+      //
+      // v0.12.38 (cycle 18 P1 F2): mode 0o600 + Windows ACL hardening.
+      // Pre-fix attestations were written world-readable (umask-derived
+      // 0o644). On multi-tenant shared hosts a different user could read
+      // the operator's evidence submission, jurisdiction obligations,
+      // and consent records. Mirrors the existing private-key handling
+      // in lib/sign.js (mode 0o600 + restrictWindowsAcl).
+      fs.writeFileSync(filePath, JSON.stringify(attestation, null, 2), { flag, mode: 0o600 });
+      try {
+        const { restrictWindowsAcl } = require(path.join(PKG_ROOT, "lib", "sign.js"));
+        restrictWindowsAcl(filePath);
+      } catch { /* sign.js not loadable in some test paths — best-effort */ }
       maybeSignAttestation(filePath);
     };
@@ -4267,7 +4359,13 @@ function cmdReattest(runner, args, runOpts, pretty) {
       const suffix = i === 0 ? "" : "-" + crypto.randomBytes(3).toString("hex");
       const candidate = path.join(dir, replayBaseName + suffix + ".json");
       try {
-        fs.writeFileSync(candidate, JSON.stringify(replayBody, null, 2), { flag: "wx" });
+        // v0.12.38 cycle 18 P1 F2: mode 0o600 + Windows ACL hardening
+        // (matches the primary attestation write site).
+        fs.writeFileSync(candidate, JSON.stringify(replayBody, null, 2), { flag: "wx", mode: 0o600 });
+        try {
+          const { restrictWindowsAcl } = require(path.join(PKG_ROOT, "lib", "sign.js"));
+          restrictWindowsAcl(candidate);
+        } catch { /* best-effort */ }
         replayPath = candidate;
         written = true;
         break;

package/data/_indexes/_meta.json CHANGED Viewed

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-16T13:07:12.636Z",
+  "generated_at": "2026-05-16T14:53:58.590Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "d25d929ae43840da3ebfe052cf8da1969347e8fcbe1d59959fbb33c9ba9eadbe",
+    "manifest.json": "46518d99e0b18b4522982bcd2867c43dacba010390a2cc5e75d4c17c5d0f5b4c",
     "data/atlas-ttps.json": "259e76e4252c7a56c17bbe96982a5e37ac89131c2d37a547fe38d64dcacfd763",
     "data/attack-techniques.json": "51f60819aef36e960fd768e44dcc725e137781534fbbb028e5ef6baa21defa1d",
-    "data/cve-catalog.json": "55aa571423fd254e6581b22a189a1c0eeb76d467b0ef645d1dfa39f74b28c569",
+    "data/cve-catalog.json": "5bfd08a3fc62850e0cdaf454a2dce3e6719acb8917b7c7249c4c02bf945b62f5",
     "data/cwe-catalog.json": "6e7349a0fac39bdf9c4cb4598e101e51400f67d64c5d653bbca462f28bc1a0cb",
     "data/d3fend-catalog.json": "a1fc2827ceb344669e148d55197dbf1b0e5b20bcc618e90517639c17d67ee82d",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
@@ -35,18 +35,18 @@
     "skills/attack-surface-pentest/skill.md": "9cb02d9d428ef674ba8af8c935f86ddca197f0ba1f7d216d76ce1b268ae4bb6a",
     "skills/fuzz-testing-strategy/skill.md": "eaab866236c8cb8a6c8ddc5e65d786ee6d598682de6014ed4e83c6cd163a2128",
     "skills/dlp-gap-analysis/skill.md": "ee9fd4928d96b2e9957d8db9dec90c844443fbcf2a292e69040bfa47c78a4f4b",
-    "skills/supply-chain-integrity/skill.md": "b44a8704e37d8efcd97d8e998e6b2b454e1bc3ba956c6aaf105aa155ffffd2a8",
+    "skills/supply-chain-integrity/skill.md": "497f1ef20f3e506ce1bec5ec65730ffc58300054ff3e8e563e0862838164491a",
     "skills/defensive-countermeasure-mapping/skill.md": "e62c71ba3be2b4d0f7dfa529fec007cba6bee3013f76b93756e3e6310f2d22ab",
     "skills/identity-assurance/skill.md": "6fd734d5cf8eed031537c9ccb1ad11c09ec4e88d31c45d86046a2154a6770990",
-    "skills/ot-ics-security/skill.md": "2a30c888e515bed3c121e7396f841e15cad53fe443b3f0a1c3f2670c8c317339",
+    "skills/ot-ics-security/skill.md": "258003e15bd4e939a1ec1f71c22ffa4dccd6d3194411281f4685abfe840d7cd3",
     "skills/coordinated-vuln-disclosure/skill.md": "0e875953bb8a38a89c8ec5d2a9ef967b12e9a9f166dc9356723f10304fd0535e",
     "skills/threat-modeling-methodology/skill.md": "bb34933a1eee2cd1da98da5a5dada2c7fc7ebb0bddf5afb39e1f6ee26064d151",
     "skills/webapp-security/skill.md": "6fdae41856963df0f8655fb52df7cd26b6b47031f55dfe897003ed9647a73ab5",
     "skills/ai-risk-management/skill.md": "10d31ca594449e1fef4c34ea45448ab30a6ffdc2fe1faf4ccaf0a1dd05d67774",
     "skills/sector-healthcare/skill.md": "217066e5961fbc3fcd1b5e3df42f299d7aeaf3b5f25e913152836b77f211f96d",
     "skills/sector-financial/skill.md": "77f6355eb7672f2157bf3d18bfe1d6042efe302468ebddd48ffc385655bf4d10",
-    "skills/sector-federal-government/skill.md": "4b5b2f46c97a1571eecbb1c92ca40ac69a8cafc9f74f39539a08cb539ee65f39",
-    "skills/sector-energy/skill.md": "b3f1a979beab4f22d689ea74c6aa43b7f1b9017a9b2110310adc2af8305fa134",
+    "skills/sector-federal-government/skill.md": "981bd7aea1b3ba7875d1222f077126d4eb9462bed46e3e6f5cfed5f94378b152",
+    "skills/sector-energy/skill.md": "44b635b9c52bb10ee2f8d786400926e018c7581387324f59ee3a815de4929c9c",
     "skills/sector-telecom/skill.md": "3489410b0905cbf6b392ea7f7cde35ccd4b03de0d22d2d1b0c671e46d70962c9",
     "skills/api-security/skill.md": "75dcb1b9395de2be4ca60e53f900692721b7ef66ded3e510a20d17f35daf982d",
     "skills/cloud-security/skill.md": "56f0d5d6cf182d347e84baa95a04c39be51e82da3360dac48fcf5d8c4e56a9c3",
@@ -56,7 +56,7 @@
     "skills/ransomware-response/skill.md": "15de039c5679215b7ceb9a55494f614b06fe618aa0f69ce8aff004dc9a841fa4",
     "skills/email-security-anti-phishing/skill.md": "b5a7693b3ddbd6cd83303d092bc5e324db431245d25c4945d9f65fcffa1995e7",
     "skills/age-gates-child-safety/skill.md": "66c7f6537077e4e949214ebf3864cb75de0f50f80fa25d25365c6d7fe485dc7a",
-    "skills/cloud-iam-incident/skill.md": "10e2af2cf8292f457cd3877bcee37f6ee30c80037a3ef5b367fba25195c7a791",
+    "skills/cloud-iam-incident/skill.md": "f124d1170cffb490ddd093ad6fc9876591515643fb2f51379023a08548c7290d",
     "skills/idp-incident-response/skill.md": "3d75d7a0fc5b9a3c584ac5c6510f8b6bd63b7b780488541eb193250ae795b4e2"
   },
   "skill_count": 42,
@@ -78,7 +78,7 @@
     "handoff_dag_nodes": 42,
     "summary_cards": 42,
     "section_offsets_skills": 42,
-    "token_budget_total_approx": 397777,
+    "token_budget_total_approx": 397769,
     "recipes": 8,
     "jurisdiction_clocks": 29,
     "did_ladders": 8,

package/data/_indexes/section-offsets.json CHANGED Viewed

@@ -2039,7 +2039,7 @@
     },
     "supply-chain-integrity": {
       "path": "skills/supply-chain-integrity/skill.md",
-      "total_bytes": 40261,
+      "total_bytes": 40250,
       "total_lines": 325,
       "frontmatter": {
         "line_start": 1,
@@ -2080,16 +2080,16 @@
           "normalized_name": "exploit-availability-matrix",
           "line": 161,
           "byte_start": 21416,
-          "byte_end": 25997,
-          "bytes": 4581,
+          "byte_end": 25986,
+          "bytes": 4570,
           "h3_count": 0
         },
         {
           "name": "Analysis Procedure",
           "normalized_name": "analysis-procedure",
           "line": 178,
-          "byte_start": 25997,
-          "byte_end": 33454,
+          "byte_start": 25986,
+          "byte_end": 33443,
           "bytes": 7457,
           "h3_count": 4
         },
@@ -2097,8 +2097,8 @@
           "name": "Output Format",
           "normalized_name": "output-format",
           "line": 252,
-          "byte_start": 33454,
-          "byte_end": 35556,
+          "byte_start": 33443,
+          "byte_end": 35545,
           "bytes": 2102,
           "h3_count": 9
         },
@@ -2106,8 +2106,8 @@
           "name": "Compliance Theater Check",
           "normalized_name": "compliance-theater-check",
           "line": 292,
-          "byte_start": 35556,
-          "byte_end": 37844,
+          "byte_start": 35545,
+          "byte_end": 37833,
           "bytes": 2288,
           "h3_count": 0
         },
@@ -2115,8 +2115,8 @@
           "name": "Defensive Countermeasure Mapping",
           "normalized_name": "defensive-countermeasure-mapping",
           "line": 308,
-          "byte_start": 37844,
-          "byte_end": 40261,
+          "byte_start": 37833,
+          "byte_end": 40250,
           "bytes": 2417,
           "h3_count": 0
         }
@@ -2979,7 +2979,7 @@
     },
     "sector-federal-government": {
       "path": "skills/sector-federal-government/skill.md",
-      "total_bytes": 44168,
+      "total_bytes": 44157,
       "total_lines": 306,
       "frontmatter": {
         "line_start": 1,
@@ -3020,16 +3020,16 @@
           "normalized_name": "exploit-availability-matrix",
           "line": 137,
           "byte_start": 20115,
-          "byte_end": 26311,
-          "bytes": 6196,
+          "byte_end": 26300,
+          "bytes": 6185,
           "h3_count": 0
         },
         {
           "name": "Analysis Procedure",
           "normalized_name": "analysis-procedure",
           "line": 156,
-          "byte_start": 26311,
-          "byte_end": 34351,
+          "byte_start": 26300,
+          "byte_end": 34340,
           "bytes": 8040,
           "h3_count": 4
         },
@@ -3037,8 +3037,8 @@
           "name": "Output Format",
           "normalized_name": "output-format",
           "line": 213,
-          "byte_start": 34351,
-          "byte_end": 36839,
+          "byte_start": 34340,
+          "byte_end": 36828,
           "bytes": 2488,
           "h3_count": 10
         },
@@ -3046,8 +3046,8 @@
           "name": "Compliance Theater Check",
           "normalized_name": "compliance-theater-check",
           "line": 267,
-          "byte_start": 36839,
-          "byte_end": 39707,
+          "byte_start": 36828,
+          "byte_end": 39696,
           "bytes": 2868,
           "h3_count": 0
         },
@@ -3055,8 +3055,8 @@
           "name": "Defensive Countermeasure Mapping",
           "normalized_name": "defensive-countermeasure-mapping",
           "line": 281,
-          "byte_start": 39707,
-          "byte_end": 42707,
+          "byte_start": 39696,
+          "byte_end": 42696,
           "bytes": 3000,
           "h3_count": 0
         },
@@ -3064,8 +3064,8 @@
           "name": "Hand-Off",
           "normalized_name": "hand-off",
           "line": 295,
-          "byte_start": 42707,
-          "byte_end": 44168,
+          "byte_start": 42696,
+          "byte_end": 44157,
           "bytes": 1461,
           "h3_count": 0
         }
@@ -4013,7 +4013,7 @@
     },
     "cloud-iam-incident": {
       "path": "skills/cloud-iam-incident/skill.md",
-      "total_bytes": 44569,
+      "total_bytes": 44562,
       "total_lines": 420,
       "frontmatter": {
         "line_start": 1,
@@ -4054,16 +4054,16 @@
           "normalized_name": "exploit-availability-matrix",
           "line": 167,
           "byte_start": 19519,
-          "byte_end": 22898,
-          "bytes": 3379,
+          "byte_end": 22891,
+          "bytes": 3372,
           "h3_count": 0
         },
         {
           "name": "Analysis Procedure",
           "normalized_name": "analysis-procedure",
           "line": 189,
-          "byte_start": 22898,
-          "byte_end": 30523,
+          "byte_start": 22891,
+          "byte_end": 30516,
           "bytes": 7625,
           "h3_count": 12
         },
@@ -4071,8 +4071,8 @@
           "name": "Output Format",
           "normalized_name": "output-format",
           "line": 279,
-          "byte_start": 30523,
-          "byte_end": 32721,
+          "byte_start": 30516,
+          "byte_end": 32714,
           "bytes": 2198,
           "h3_count": 15
         },
@@ -4080,8 +4080,8 @@
           "name": "Compliance Theater Check",
           "normalized_name": "compliance-theater-check",
           "line": 342,
-          "byte_start": 32721,
-          "byte_end": 37320,
+          "byte_start": 32714,
+          "byte_end": 37313,
           "bytes": 4599,
           "h3_count": 0
         },
@@ -4089,8 +4089,8 @@
           "name": "Defensive Countermeasure Mapping",
           "normalized_name": "defensive-countermeasure-mapping",
           "line": 378,
-          "byte_start": 37320,
-          "byte_end": 41396,
+          "byte_start": 37313,
+          "byte_end": 41389,
           "bytes": 4076,
           "h3_count": 0
         },
@@ -4098,8 +4098,8 @@
           "name": "Hand-Off / Related Skills",
           "normalized_name": "hand-off",
           "line": 400,
-          "byte_start": 41396,
-          "byte_end": 44569,
+          "byte_start": 41389,
+          "byte_end": 44562,
           "bytes": 3173,
           "h3_count": 0
         }

package/data/_indexes/token-budget.json CHANGED Viewed

@@ -3,8 +3,8 @@
     "schema_version": "1.0.0",
     "tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
     "approx_chars_per_token": 4,
-    "total_chars": 1591081,
-    "total_approx_tokens": 397777,
+    "total_chars": 1591052,
+    "total_approx_tokens": 397769,
     "skill_count": 42
   },
   "skills": {
@@ -1185,10 +1185,10 @@
     },
     "supply-chain-integrity": {
       "path": "skills/supply-chain-integrity/skill.md",
-      "bytes": 40261,
-      "chars": 40123,
+      "bytes": 40250,
+      "chars": 40112,
       "lines": 325,
-      "approx_tokens": 10031,
+      "approx_tokens": 10028,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -1207,9 +1207,9 @@
           "approx_tokens": 779
         },
         "exploit-availability-matrix": {
-          "bytes": 4581,
-          "chars": 4521,
-          "approx_tokens": 1130
+          "bytes": 4570,
+          "chars": 4510,
+          "approx_tokens": 1128
         },
         "analysis-procedure": {
           "bytes": 7457,
@@ -1735,10 +1735,10 @@
     },
     "sector-federal-government": {
       "path": "skills/sector-federal-government/skill.md",
-      "bytes": 44168,
-      "chars": 43995,
+      "bytes": 44157,
+      "chars": 43984,
       "lines": 306,
-      "approx_tokens": 10999,
+      "approx_tokens": 10996,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -1757,9 +1757,9 @@
           "approx_tokens": 603
         },
         "exploit-availability-matrix": {
-          "bytes": 6196,
-          "chars": 6114,
-          "approx_tokens": 1529
+          "bytes": 6185,
+          "chars": 6103,
+          "approx_tokens": 1526
         },
         "analysis-procedure": {
           "bytes": 8040,
@@ -2340,10 +2340,10 @@
     },
     "cloud-iam-incident": {
       "path": "skills/cloud-iam-incident/skill.md",
-      "bytes": 44569,
-      "chars": 44411,
+      "bytes": 44562,
+      "chars": 44404,
       "lines": 420,
-      "approx_tokens": 11103,
+      "approx_tokens": 11101,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -2362,9 +2362,9 @@
           "approx_tokens": 1129
         },
         "exploit-availability-matrix": {
-          "bytes": 3379,
-          "chars": 3375,
-          "approx_tokens": 844
+          "bytes": 3372,
+          "chars": 3368,
+          "approx_tokens": 842
         },
         "analysis-procedure": {
           "bytes": 7625,

package/data/cve-catalog.json CHANGED Viewed

@@ -3568,6 +3568,9 @@
     "last_updated": "2026-05-15",
     "discovery_attribution_note": "Concurrent ecosystem-detection by Socket (https://socket.dev/blog/node-ipc-package-compromised), StepSecurity (https://www.stepsecurity.io/blog/node-ipc-npm-supply-chain-attack), Semgrep (https://semgrep.dev/blog/2026/not-your-ipc-but-node-ipc-npm-hit-again-with-supply-chain-attack-but-this-time-its-not-a-worm/), and Datadog Security Labs (https://securitylabs.datadoghq.com/articles/node-ipc-npm-malware-analysis/) within hours of the 2026-05-14 publish window. Consolidated coverage by The Hacker News (https://thehackernews.com/2026/05/stealer-backdoor-found-in-3-node-ipc.html). No single human researcher credited; no AI-tool credit on the defender side. Discovery class: ecosystem-detection (telemetry-driven, no AI tool). Source-data ambiguity noted: monthly-download figure reported as 3.35M (npm registry direct) but Socket cited 822K weekly and The Hacker News cited 10M weekly — npm-registry-direct figure carried in the affected description; alternative figures retained in this note so future audits can reconcile against npm's API once the live counter rolls forward past the yank.",
     "_editorial_promoted": "2026-05-15",
-    "_editorial_note": "Cycle 13 intake (v0.12.33): cycle 13 agent C surfaced node-ipc 2026-05-14 publish event in the 24h-window check. Novel attack precondition (expired-domain re-registration + npm password-reset abuse) makes this a distinct supply-chain class from the Shai-Hulud (token-compromise) and elementary-data (typosquat + orphan-commit) precedents; warrants its own NEW-CTRL-047 in zeroday-lessons.json. RWEP factors satisfy Shape B invariant (0 + 20 + 0 + 20 + 28 - 15 - 10 + 0 = 43); discovery_attribution_note cites multiple firms with URLs."
+    "_editorial_note": "Cycle 13 intake (v0.12.33): cycle 13 agent C surfaced node-ipc 2026-05-14 publish event in the 24h-window check. Novel attack precondition (expired-domain re-registration + npm password-reset abuse) makes this a distinct supply-chain class from the Shai-Hulud (token-compromise) and elementary-data (typosquat + orphan-commit) precedents; warrants its own NEW-CTRL-047 in zeroday-lessons.json. RWEP factors satisfy Shape B invariant (0 + 20 + 0 + 20 + 28 - 15 - 10 + 0 = 43); discovery_attribution_note cites multiple firms with URLs.",
+    "remediation_status": "removed_from_registry",
+    "remediation_note": "npm removed all 3 malicious versions (9.1.6, 9.2.3, 12.0.1) within ~2 hours of publication on 2026-05-14. Publisher account atiertant was deactivated. The expired-domain TTP (atlantis-software.net re-registered via Namecheap on 2026-05-07 after Jan 2025 expiry) remains the novel attack class to defend against — see zeroday-lessons NEW-CTRL-047 (PACKAGE-MAINTAINER-DOMAIN-EXPIRY-MONITORING).",
+    "remediation_status_verified_at": "2026-05-16"
   }
 }

package/manifest-snapshot.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "_comment": "Auto-generated by scripts/refresh-manifest-snapshot.js — do not hand-edit. Public skill surface used by check-manifest-snapshot.js to detect breaking removals.",
-  "_generated_at": "2026-05-16T13:06:35.814Z",
+  "_generated_at": "2026-05-16T14:53:21.883Z",
   "atlas_version": "5.4.0",
   "skill_count": 42,
   "skills": [

package/manifest-snapshot.sha256 CHANGED Viewed

	@@ -1 +1 @@
1	- ~~deabb08300ea4087584070d6f434958a65ef6269a0d08a5a518985b083a3550b~~ manifest-snapshot.json
1	+ 774078803a8ee8679906902c59ed3d3cf10651a6e239504663c8b238a900bde4 manifest-snapshot.json

package/manifest.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.12.36",
+  "version": "0.12.38",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -53,7 +53,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "N6H4u/u1fCFE6f/3QVkAr2cumZvLNE+xYBC91CCxKoeaSKm5zqbwzb2mvFDk9XKUegUy5W6npLFGi75yxNMIAg==",
-      "signed_at": "2026-05-16T13:06:35.476Z",
+      "signed_at": "2026-05-16T14:53:21.507Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -117,7 +117,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "CmPu9xiYnUQyug3+aQ8jwuros3EGIIxL4/vaSgvaBVgI0Zd96ehlSBHw9ISd3eXzEImvGTdFEYZEpSHoH76fBw==",
-      "signed_at": "2026-05-16T13:06:35.479Z",
+      "signed_at": "2026-05-16T14:53:21.509Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -180,7 +180,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "5jdS7h9+CgfkXIf0OOLEIBxoBFv9TSQh0HPEs2Ra6hmpFbyBPV6zAs7yFi+66EAXoHicasGL04QA10L0MGZyAg==",
-      "signed_at": "2026-05-16T13:06:35.479Z",
+      "signed_at": "2026-05-16T14:53:21.510Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -226,7 +226,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "ZfW88vN0se3O9AEpjsfImRFCEC9ayOsNYthRSrj+eIOO8XVu4C0Jk9INSBwX+8ws6ZVsEMvQ3htyouTGIapcCQ==",
-      "signed_at": "2026-05-16T13:06:35.479Z"
+      "signed_at": "2026-05-16T14:53:21.510Z"
     },
     {
       "name": "compliance-theater",
@@ -257,7 +257,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "OTu6DScKDWxaR1+TZ3S6FGBmf7c6WKkXOdP2MdMwMNjY5OJ7RSSXrOWg4XnT32VRtGncOetlHG47VZ0KgwWNCA==",
-      "signed_at": "2026-05-16T13:06:35.480Z"
+      "signed_at": "2026-05-16T14:53:21.510Z"
     },
     {
       "name": "exploit-scoring",
@@ -286,7 +286,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "T34BtDdNUzPblA+dG4LSAqNycM1kEFQpQAX6bvXWX3B02LB7VNBfQnD/52sDteAi+ishRf5IihuEYez8wRHGBA==",
-      "signed_at": "2026-05-16T13:06:35.480Z"
+      "signed_at": "2026-05-16T14:53:21.511Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -323,7 +323,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "kApombCESpQjg17tecmcOIPKxzKuYrkQM78S8eX8jA5ovjGgzl3kIJjcjKib15Vgy/MOpsh0GaWYpCEhCLRyDw==",
-      "signed_at": "2026-05-16T13:06:35.481Z",
+      "signed_at": "2026-05-16T14:53:21.511Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -380,7 +380,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "DRqLIBG1cJKMeTc5gpzWdb0ThvBTLrWl9CaFx4mNesIImUEWSEycrhILfPQ4fbA1jyhD1dsBJzttTZFKbezFDA==",
-      "signed_at": "2026-05-16T13:06:35.481Z",
+      "signed_at": "2026-05-16T14:53:21.512Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -415,7 +415,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "87pHjZe0xEuYR18owLqCHDtHNQ7bf8YzF6RaJlILN0n7ohgAdkmhWVODpTMA+/Ku0RLhMwz8dSkx48ue3VfLAw==",
-      "signed_at": "2026-05-16T13:06:35.482Z",
+      "signed_at": "2026-05-16T14:53:21.512Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -443,7 +443,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "X8BQpeJFFTxvE9jWkmqF1J5EnSB63TMNF/VCU6RQLf/+XsGYarOokZ5lWvZT2IL3djwxzzbWhr0BMtuLMtEcAg==",
-      "signed_at": "2026-05-16T13:06:35.482Z"
+      "signed_at": "2026-05-16T14:53:21.513Z"
     },
     {
       "name": "global-grc",
@@ -475,7 +475,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "7yVjZkanFMKDQqXdX4B/7oLc2Rz72xHC1zscYd8F/+e5UAbR7ikK8Bn5EKZt3aBEOhHPAviSQNCMxpZD9U00CA==",
-      "signed_at": "2026-05-16T13:06:35.482Z"
+      "signed_at": "2026-05-16T14:53:21.513Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -502,7 +502,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "iwosQ4gcFZc+6QSmxUOhHB3jse8tHxd3XsXl155mU4K5UgbctHNhOUKMmF7WnUVfOUQ7PafHiMzZIbevvenNBA==",
-      "signed_at": "2026-05-16T13:06:35.483Z"
+      "signed_at": "2026-05-16T14:53:21.513Z"
     },
     {
       "name": "pqc-first",
@@ -554,7 +554,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "V+qn5FqUlETfsEjvvi6jZGuQdqLFtFejfgPA6KSYxSlBXBTbOBXP3BGk5S+ba9akIzgbKh1j9VGB1MqsIt56DA==",
-      "signed_at": "2026-05-16T13:06:35.483Z",
+      "signed_at": "2026-05-16T14:53:21.514Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -601,7 +601,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "mqjxjEhZiF+yOlqFr6ak39+NkNsasDxW9in5EBczWDxD9ngIxfnpVjKbnr5g+prB4qz3cG28UBtu8cHz9vJbBw==",
-      "signed_at": "2026-05-16T13:06:35.483Z"
+      "signed_at": "2026-05-16T14:53:21.514Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -638,7 +638,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "cZnSuh0PwPZjzxgfOoKNYDGz9bbdfDIAlQrUuavmRFxWmdAIoarOYsPwPG8NXYRqzxVdRbu8R7eF/+dssbfZDw==",
-      "signed_at": "2026-05-16T13:06:35.484Z",
+      "signed_at": "2026-05-16T14:53:21.514Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -673,7 +673,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
       "signature": "/lGgWehCMQUXjI6w4FUa+5wrbyRnct+txvVcXA+D2/ZEkoJKh+J/psO3j5HPf7Hpv+Y5SmkH71CoO+9qilyVDQ==",
-      "signed_at": "2026-05-16T13:06:35.484Z"
+      "signed_at": "2026-05-16T14:53:21.515Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -744,7 +744,7 @@
         "PTES revision incorporating AI-surface enumeration"
       ],
       "signature": "Zo+2DFJhxNkEvQ8X+eYnqtLKepukif9IyD7LmqK/MX6tyfOp/gXGl9KEOddhubuV2a79zEc/OGOYfTHsEVzcAg==",
-      "signed_at": "2026-05-16T13:06:35.484Z"
+      "signed_at": "2026-05-16T14:53:21.515Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -804,7 +804,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "jZq4Kv81CxQMMOAnw3/A1tBe5fIfrr+SGltivqcmH4WjUKmk6byO5BWCZKTxWWuaGa/AonsSDk5CGUPx9h8ZBw==",
-      "signed_at": "2026-05-16T13:06:35.484Z"
+      "signed_at": "2026-05-16T14:53:21.515Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -879,7 +879,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "vY2ym7pUhzJBD6R6jI4JwSKciqVS1fyVPuszN4WTiKJvYGePkis6w7upk/Fw0OXjnNSNdEf3f534FHRzGk5UDg==",
-      "signed_at": "2026-05-16T13:06:35.485Z"
+      "signed_at": "2026-05-16T14:53:21.516Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -955,8 +955,8 @@
         "EU CRA (Regulation 2024/2847) — implementing acts for technical documentation and SBOM submission expected through 2027",
         "OpenSSF model-signing — emerging Sigstore-based signing standard for ML model weights; track for production adoption"
       ],
-      "signature": "Xzn7gLFq8ErUJ7jhm2zPkmfPtqKcd6ONW0at6cE7uJyUq1+1d4l9BxLNL+BQTD0SnJRAq01CBfYKZ2+EgkSWCQ==",
-      "signed_at": "2026-05-16T13:06:35.485Z"
+      "signature": "SB5gpZ8nT7yZNIr9qaXf9l0ShbsE/b1+XYNucaOIi/G6YcjLly+u+mKGiY7qBVv3CP1FO7pbSvB/e5dlR2AsCw==",
+      "signed_at": "2026-05-16T14:53:21.516Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1013,7 +1013,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "XZigwq8X/csfrdG10O6Q1V5q0zUqSQGd3QrjRKkZ4fkaodG4mZahYuIQqxc8rU9jjtGAm9LtBXYB+I5csqj9Bw==",
-      "signed_at": "2026-05-16T13:06:35.485Z"
+      "signed_at": "2026-05-16T14:53:21.516Z"
     },
     {
       "name": "identity-assurance",
@@ -1080,7 +1080,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "k0HrsZMBxiPWB1jl4dRwhv/R5IsqbZ+SLDv1Jx3/sRl51JyXjtm8vyogTNhSwsl5/IkaRakqIPJFRFRl5h/9CQ==",
-      "signed_at": "2026-05-16T13:06:35.486Z"
+      "signed_at": "2026-05-16T14:53:21.517Z"
     },
     {
       "name": "ot-ics-security",
@@ -1135,8 +1135,8 @@
       ],
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
-      "signature": "HmRtZCypmBYptm6iPkIcIx1yWVhN45SXnybksWlVMHeJ4KrhsNk1jkz2MGYmy6xKTgHW0RLa4tjIkZbGW6ZCBg==",
-      "signed_at": "2026-05-16T13:06:35.486Z"
+      "signature": "kAYm2ym/wCoYnA0cMP7kY/0R+/IFTzuZ2Dn514xnLdQ+6aTbxJel9tTn+a6d7F8IWidciC9Xx4nG1A11VqofCg==",
+      "signed_at": "2026-05-16T14:53:21.517Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1188,7 +1188,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "f1w8AOT3bw+IeaAkg+vubUf7+Gx+/zTuQyIKOxQTbF9m1HGIE/SJQlWZST9ALtlH1BN4gJK5WPRmloX6LzQYBw==",
-      "signed_at": "2026-05-16T13:06:35.487Z"
+      "signed_at": "2026-05-16T14:53:21.517Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1238,7 +1238,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "bOexHUZApL+t6r84lombGCRHOh8jT9f3rm9ckcdu0Mz6hKuoa9uMGq5D+JESKMoOdFMPMZM4KpjZ+fcYExp2AQ==",
-      "signed_at": "2026-05-16T13:06:35.487Z"
+      "signed_at": "2026-05-16T14:53:21.518Z"
     },
     {
       "name": "webapp-security",
@@ -1312,7 +1312,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "TS1bOSeoGVK77LkHrUrZALK5PeturDTZe68vippxgJ9q7dQYa6n+CQFydiPfam2HZZJWtRHfs+4bL8PS7qQtAw==",
-      "signed_at": "2026-05-16T13:06:35.487Z"
+      "signed_at": "2026-05-16T14:53:21.518Z"
     },
     {
       "name": "ai-risk-management",
@@ -1362,7 +1362,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "8E82UwKFNraXV/MKAbiUV6gUryYuN+Ff/kiv1aW4/XtriShdTyt/UgRuQJ8LXGXl0jMH8hRJ/xTAV8LOJqexDA==",
-      "signed_at": "2026-05-16T13:06:35.488Z"
+      "signed_at": "2026-05-16T14:53:21.518Z"
     },
     {
       "name": "sector-healthcare",
@@ -1422,7 +1422,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "oW7JP2esMH8RxJKHnKXj3uHKJ7E5iEvp+fg1PQWRL0FbTu1K/SwY56tVzeBZgfNBGb5W4Q7TKk7r+Fh9tXD+AQ==",
-      "signed_at": "2026-05-16T13:06:35.488Z"
+      "signed_at": "2026-05-16T14:53:21.519Z"
     },
     {
       "name": "sector-financial",
@@ -1503,7 +1503,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "8YE9Csb1WGVXzHUG2ZIw7vG0f4h6xZ3dqZMH8vsCzs9/uNaifToOhHXfjfzycqoE9jmOTcp2lFLTvim1FrJjCA==",
-      "signed_at": "2026-05-16T13:06:35.488Z"
+      "signed_at": "2026-05-16T14:53:21.519Z"
     },
     {
       "name": "sector-federal-government",
@@ -1571,8 +1571,8 @@
         "EU Cybersecurity Certification Scheme on Common Criteria (EUCC) operational — first certificates issued 2024; high-assurance level for government use cases ramping",
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
-      "signature": "p0/idjKkA9sFyj+w2IyN/FxB9P+26jkYEo+4jusKKiIdLljsSTsybBhCgLaneeAS5Emd8uipv9HwK9WoiVFMBQ==",
-      "signed_at": "2026-05-16T13:06:35.489Z"
+      "signature": "OJVU06d5AVJffRAWuo1FlkEmtNXckfte/aHBIny98w5644d7jcxxj7I1VH7PaRaBOz049T5MJ9PlAwaRIB2LDA==",
+      "signed_at": "2026-05-16T14:53:21.520Z"
     },
     {
       "name": "sector-energy",
@@ -1636,8 +1636,8 @@
         "MadIoT-class research on consumer-IoT-driven grid frequency manipulation moving from proof-of-concept to attributed campaigns",
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
-      "signature": "KD6FPVduRPasDOo7T2W4XEPiwBc2mUXZDzbKynIDnfOcSNJcOQ4QSvHhMhcgevwYflYwCsps2exnVO3Fyn8DAA==",
-      "signed_at": "2026-05-16T13:06:35.490Z"
+      "signature": "kp9RgI7ViCNA2fxdbPZQxKlIVSvcArIyYqQdfojgvh9OYALvI4Bp3XB2RMcJZX1VORfUm3bKZjV8MRZsqCNtDg==",
+      "signed_at": "2026-05-16T14:53:21.520Z"
     },
     {
       "name": "sector-telecom",
@@ -1723,7 +1723,7 @@
         "O-RAN SFG / WG11 security specifications"
       ],
       "signature": "VKLuoRkFq7lNXqySipwzPSaiHaqemHQ2cReemF/Xy9hUpD9orQaTVZWClOA4lzoF6d2eQ/CeS///Jjnj4g9dCg==",
-      "signed_at": "2026-05-16T13:06:35.490Z"
+      "signed_at": "2026-05-16T14:53:21.521Z"
     },
     {
       "name": "api-security",
@@ -1792,7 +1792,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "bhgnM/PkYgduLokq5dCSm1geELvrfvKCGG4mwfgn4X9NdrheI1cjnrOqZjbOEt2q44iH2vDhqLJeA9l85GMeAg==",
-      "signed_at": "2026-05-16T13:06:35.490Z"
+      "signed_at": "2026-05-16T14:53:21.521Z"
     },
     {
       "name": "cloud-security",
@@ -1873,7 +1873,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "wTxiyl9IN127tDk8msLw1/0REqZ3Ldeyj5HSwNdmJWOFkqGs1MbgQYFt0wCSVNcGtdoWtZtV6uuUxdOlCoo4AA==",
-      "signed_at": "2026-05-16T13:06:35.491Z"
+      "signed_at": "2026-05-16T14:53:21.521Z"
     },
     {
       "name": "container-runtime-security",
@@ -1935,7 +1935,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "kYHthY7uKOnVV64XC7evRWZuwQxY1Ihdsz4KAqGFnjTg+9hkBMcMfW1K3lwCIXEXElENznsZ8RI6LcwcbmDjBg==",
-      "signed_at": "2026-05-16T13:06:35.491Z"
+      "signed_at": "2026-05-16T14:53:21.522Z"
     },
     {
       "name": "mlops-security",
@@ -2006,7 +2006,7 @@
         "MITRE ATLAS v5.4.0 (released February 2026) shipped the AML.T0010 sub-technique expansion this forecast tracked plus new techniques (\"Publish Poisoned AI Agent Tool\", \"Escape to Host\"); inventory now 16 tactics, 84 techniques, 56 sub-techniques. Forward watch: ATLAS v5.5 / v6.0 — track next-cadence updates to agentic-AI TTPs and MLOps-pipeline-specific techniques"
       ],
       "signature": "L0OCRb+jIzUqdx+pZHY9WsF1fJ+FxGF3+ALWqjHerBi+EbHxi5js81xZMATRf4dIGH/4YpSjVn5Xu/apu94lBA==",
-      "signed_at": "2026-05-16T13:06:35.491Z"
+      "signed_at": "2026-05-16T14:53:21.522Z"
     },
     {
       "name": "incident-response-playbook",
@@ -2068,7 +2068,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "f2AhpIOdMBZaOPfGa0ebnHc0Iofv5Aj+NcyW3rwlP7oxx4WbvhO5n+ECVtqZ8HRoD3BC/2KxrFGcvBhnObf+AA==",
-      "signed_at": "2026-05-16T13:06:35.492Z"
+      "signed_at": "2026-05-16T14:53:21.522Z"
     },
     {
       "name": "ransomware-response",
@@ -2148,7 +2148,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "2+KCRXcUy0d1DdV2RHNFTCadii+2m9DXVcygPVFITwoGbNwnN3e10JZRjLewMtRkxXboYPZ7Qt25xoDRszYQAg==",
-      "signed_at": "2026-05-16T13:06:35.492Z"
+      "signed_at": "2026-05-16T14:53:21.523Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2201,7 +2201,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "RiCryJEd66T2NNcSo/mZTd3sGWDycE3C37guLJanLdVL5co35DrPFmIl8qy3ZM/y+Wzg5vpny8VKgr1//1/bCA==",
-      "signed_at": "2026-05-16T13:06:35.492Z"
+      "signed_at": "2026-05-16T14:53:21.523Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2269,7 +2269,7 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "rRX0+wEkhrjEIi1e+OSjg1U5uR0/hDoaai36WcIrzxViRVuIS5WwyH0GBeJF1eTcbMOIvd7QZApG8aHbXmTpAg==",
-      "signed_at": "2026-05-16T13:06:35.493Z"
+      "signed_at": "2026-05-16T14:53:21.523Z"
     },
     {
       "name": "cloud-iam-incident",
@@ -2348,8 +2348,8 @@
         "D3-CAA"
       ],
       "last_threat_review": "2026-05-15",
-      "signature": "BST7fWHHxtYrB8L79RqMsQT3NuidigkPVkIZK2Ps43PgF9SMa117ltobk5954vEb1B7kgiWPa3DurLRLdUmGBg==",
-      "signed_at": "2026-05-16T13:06:35.493Z"
+      "signature": "L85ONmu51m4EKwat2IJlMYz9V3Wvl+ISVHe92B01/mfPv/kf0TpYqaUZ8NoBT9G4rO5yNUtsWS0NMOJHHNANCA==",
+      "signed_at": "2026-05-16T14:53:21.524Z"
     },
     {
       "name": "idp-incident-response",
@@ -2430,11 +2430,11 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "n9d4fdaSHCMieXRDkBz88kITsUFFlngr2gn2IvGFqJLH+xOEDp4ohS62Vk/zq4+Mhi4QEVKSu3mONOAk3nsYBQ==",
-      "signed_at": "2026-05-16T13:06:35.494Z"
+      "signed_at": "2026-05-16T14:53:21.524Z"
     }
   ],
   "manifest_signature": {
     "algorithm": "Ed25519",
-    "signature_base64": "GR243Wdic0IsvB/Um7IAcnXY90rgIjhrYKC6fFvOTpj9C/N2gbTVYaWRkQ6/9D1phx93fHQVEeK1vSQzHvnzCA=="
+    "signature_base64": "wPYloIsAKJM7tM5OLQKcmYZCiUVxESJ40a3JC3b1M9iExZC//zHmMeQ+N7/ABqqXKD/tDBmyqrFH8IrrtE4HBg=="
   }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.12.36",
+  "version": "0.12.38",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
   "keywords": [
     "ai-security",

package/sbom.cdx.json CHANGED Viewed

@@ -1,22 +1,22 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:54dffaaa-0570-45df-8c09-63895fec39a7",
+  "serialNumber": "urn:uuid:4bbca2a4-85ac-43b6-8b5a-19b8af0e8871",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-16T13:07:42.087Z",
+    "timestamp": "2026-05-16T14:54:27.679Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.12.36"
+        "version": "0.12.38"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.12.36",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.12.38",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.12.36",
+      "version": "0.12.38",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
       "licenses": [
         {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.12.36",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.12.38",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "f2c7fbe6fe2cc00240e87b017b2399e0338065f8c0ca29199f543c7497dde832"
+          "content": "f8a1109c08d1f80f4bd19cf613fbd5784fcfa606fc20eb8863cc32df17951b73"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.12.36"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.12.38"
         },
         {
           "type": "vcs",
@@ -108,7 +108,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4641f95ce71ceb772702bcf7cd39738c6acc802c8884f246ce907b2596e0a47b"
+          "content": "a9fa407110027349cc95b66768f4b4915deafc7606bee87c1e2c902a4b86c9b3"
         }
       ]
     },
@@ -152,7 +152,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "b3543a5b76f3ac6bfec588347f25f56c5f0d2567eba209b0b0c3b285018ad5af"
+          "content": "cef346c414332e249a5235bb9e7cef99f81702ac27575aabb87750ba15259355"
         }
       ]
     },
@@ -229,7 +229,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4168621415ed12653a30c2cb25e4ca3c38e4946d7ac7459eea384fbbd1ae843f"
+          "content": "f4236d406c41a051b9e2b72c8a389c78fcc7148f91236c06604a00549162406b"
         }
       ]
     },
@@ -262,7 +262,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "55aa571423fd254e6581b22a189a1c0eeb76d467b0ef645d1dfa39f74b28c569"
+          "content": "5bfd08a3fc62850e0cdaf454a2dce3e6719acb8917b7c7249c4c02bf945b62f5"
         }
       ]
     },
@@ -911,7 +911,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "deabb08300ea4087584070d6f434958a65ef6269a0d08a5a518985b083a3550b"
+          "content": "774078803a8ee8679906902c59ed3d3cf10651a6e239504663c8b238a900bde4"
         }
       ]
     },
@@ -922,7 +922,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "faf0ce67c6d0fad605090ed40e9c44dee2bc9807cedfdc4e3444dbddb83aa709"
+          "content": "0d6fae8067b784d435b2807d33e7a2ee0099ab4fcb1cf94566f5cd9f6cc0c4b6"
         }
       ]
     },
@@ -933,7 +933,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "d25d929ae43840da3ebfe052cf8da1969347e8fcbe1d59959fbb33c9ba9eadbe"
+          "content": "46518d99e0b18b4522982bcd2867c43dacba010390a2cc5e75d4c17c5d0f5b4c"
         }
       ]
     },
@@ -1417,7 +1417,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "10e2af2cf8292f457cd3877bcee37f6ee30c80037a3ef5b367fba25195c7a791"
+          "content": "f124d1170cffb490ddd093ad6fc9876591515643fb2f51379023a08548c7290d"
         }
       ]
     },
@@ -1615,7 +1615,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "2a30c888e515bed3c121e7396f841e15cad53fe443b3f0a1c3f2670c8c317339"
+          "content": "258003e15bd4e939a1ec1f71c22ffa4dccd6d3194411281f4685abfe840d7cd3"
         }
       ]
     },
@@ -1681,7 +1681,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "b3f1a979beab4f22d689ea74c6aa43b7f1b9017a9b2110310adc2af8305fa134"
+          "content": "44b635b9c52bb10ee2f8d786400926e018c7581387324f59ee3a815de4929c9c"
         }
       ]
     },
@@ -1692,7 +1692,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4b5b2f46c97a1571eecbb1c92ca40ac69a8cafc9f74f39539a08cb539ee65f39"
+          "content": "981bd7aea1b3ba7875d1222f077126d4eb9462bed46e3e6f5cfed5f94378b152"
         }
       ]
     },
@@ -1758,7 +1758,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "b44a8704e37d8efcd97d8e998e6b2b454e1bc3ba956c6aaf105aa155ffffd2a8"
+          "content": "497f1ef20f3e506ce1bec5ec65730ffc58300054ff3e8e563e0862838164491a"
         }
       ]
     },

package/skills/cloud-iam-incident/skill.md CHANGED Viewed

@@ -170,7 +170,7 @@ The playbook `cloud-iam-incident` operationalises this skill into a seven-phase
 |---|---|---|---|---|---|---|---|---|
 | CVE-2024-1709 ScreenConnect auth bypass (cloud-runtime adjacent) | 10.0 | 95 | Yes | Yes | n/a | Confirmed mass exploitation | Vendor patch | EDR + identity-protection |
 | CVE-2024-21626 runc container escape | 8.6 | 88 | Yes | Yes | n/a | Confirmed | Vendor patch | Container-runtime telemetry |
-| CVE-2024-3094 xz-utils supply-chain backdoor | 10.0 | 95 | Yes | Yes | Partially | Confirmed | Vendor patch | SBOM-driven detection |
+| CVE-2024-3094 xz-utils supply-chain backdoor | 10.0 | 70 | Yes | Yes | No | Suspected | Vendor patch | SBOM-driven detection |
 | CVE-2026-20182 Cisco SD-WAN cloud-edge | 9.1 | 90 | Yes | Yes | Yes | Confirmed | Vendor patch | Network telemetry |
 | CVE-2026-30623 Anthropic MCP STDIO (cloud-hosted MCP servers) | 8.4 | 87 | Pending | Yes | Yes | Suspected | Vendor patch + config hardening | MCP-aware telemetry |
 | Leaked access key in public repo (Snowflake-AA24-class) | n/a (config) | high (exploited within minutes) | n/a | Documented at scale | n/a | Confirmed mass exploitation | Configuration hardening + key rotation + scraper-bot countermeasures | GitGuardian / Trufflehog firehose; behavioural detection on CreateAccessKey + key-use anomaly |

package/skills/ot-ics-security/skill.md CHANGED Viewed

@@ -116,7 +116,7 @@ ATT&CK for ICS is a separate matrix from Enterprise. Many IT-rooted SOCs do not
 |---|---|---|---|---|---|---|---|---|---|
 | IT/OT bridge — HMI Linux host hit by Copy Fail (CVE-2026-31431) | 7.8 | 90 | Yes (2026-05-01, due 2026-05-15) | Yes — 732-byte script | Yes | Confirmed | Yes | Yes (kpatch/livepatch/kGraft) on supported distros; rare in OT brownfield | Partial — auditd/eBPF rules apply if deployable on HMI host |
 | IT/OT bridge — HMI Windows host LPE (Print Spooler / win32k family) | varies | varies | Some entries KEV-listed | Yes | Mixed | Confirmed | Yes for in-support; out-of-support HMIs are exposed permanently | No — Windows live-patch is limited to Hotpatch on supported builds | EDR if deployable; many OT EDR carve-outs |
-| Vendor-side OT CVEs (Siemens, Rockwell, Schneider, ABB, GE Vernova) | varies | varies | Several KEV listings 2024–2026 | Mixed — vendor disclosures only sometimes accompanied by PoC | Increasing AI-assisted RE | Targeted exploitation by Sandworm-aligned and Volt-Typhoon-aligned actors | Vendor-dependent — typical lag 60–180 days; deploy lag 1–5 years | No — firmware updates require change windows | ICS-aware IDS (Claroty, Nozomi, Dragos, Tenable OT) detection signature lag varies |
+| Vendor-side OT CVEs (Siemens, Rockwell, Schneider, ABB, GE Vernova) | varies | varies | Several KEV listings 2024–2026 | Mixed — vendor disclosures only sometimes accompanied by PoC | Increasing AI-assisted RE | Targeted exploitation by Sandworm-aligned and Volt Typhoon-aligned actors | Vendor-dependent — typical lag 60–180 days; deploy lag 1–5 years | No — firmware updates require change windows | ICS-aware IDS (Claroty, Nozomi, Dragos, Tenable OT) detection signature lag varies |
 | AI-HMI prompt injection (no CVE-class yet) | n/a | risk-modelled, not CVSS | n/a | Demonstrated in research and 2025 incident-response engagements | n/a (vector is the AI conduit itself) | Suspected in 2025 advanced campaigns | Mitigation only — design-time controls on the AI integration | n/a | Requires LLM-aware telemetry — almost never present |
 **Honest gap statement (per AGENTS.md rule #10).** This project's `data/cve-catalog.json` does not yet contain an exhaustive inventory of vendor-side OT CVEs (Siemens SSAs, Rockwell SD advisories, Schneider Electric Security Notifications, ABB CSAs, GE Vernova advisories). The authoritative source for current OT/ICS CVEs is the CISA ICS-CERT advisory feed at https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories — captured in `forward_watch` for inclusion in the catalog as part of the next data refresh. Do not invent CVE IDs to fill this matrix.
@@ -209,7 +209,7 @@ For non-NERC OT assets, document the actual OT-realistic patch SLA (often quarte
 - OT incident response playbook must explicitly answer: "is process shutdown the safe response to a suspected compromise, or is it the dangerous response?" The answer is process-dependent — for some processes shutdown is the safest available action; for others (continuous-cracker chemical processes, certain power-generation modes, blast furnaces, certain water treatment phases) an unplanned shutdown is catastrophically worse than the suspected compromise.
 - Pre-decision authority: who, in advance, has authority to direct OT-side response? (Plant manager? OT lead? SIS engineer? Process safety?)
-- IR playbooks reviewed and exercised against ICS-specific scenarios (Sandworm-style, Volt-Typhoon-style pre-positioning, ransomware that hit the IT side and is approaching the IDMZ).
+- IR playbooks reviewed and exercised against ICS-specific scenarios (Sandworm-style, Volt Typhoon-style pre-positioning, ransomware that hit the IT side and is approaching the IDMZ).
 ### Step 9 — Compliance Theater Check (see dedicated section below for the concrete tests)

package/skills/sector-energy/skill.md CHANGED Viewed

@@ -151,7 +151,7 @@ Energy-sector TTPs span ATT&CK for ICS, ATT&CK Enterprise (for the IT side of th
 | Engineering / HMI Linux host hit by Copy Fail (CVE-2026-31431) | 7.8 | 90 | Yes (2026-05-01, due 2026-05-15) | Yes — 732-byte script | Yes | Confirmed | Yes | Yes (kpatch/livepatch/kGraft) on supported distros; rare in energy brownfield | Partial — auditd / eBPF if deployable |
 | Engineering / HMI Windows host LPE (Print Spooler / win32k family) | varies | varies | Several entries KEV-listed | Yes | Mixed | Confirmed | Yes for in-support; out-of-support engineering hosts exposed permanently | Hotpatch on supported builds only | EDR if OT-deployable; many OT EDR carve-outs |
 | Unitronics Vision-series PLC (CyberAv3ngers pattern) | varies — vendor advisories | high RWEP where internet-exposed | Yes (some) — see CISA ICSA-23-353-01 and successors | Yes — public PoCs since late 2023 | Mixed | Confirmed against US/EU/IL water utilities | Yes | No | ICS-aware IDS signatures available (Claroty CTD, Nozomi Guardian, Dragos, Tenable OT) |
-| Vendor-side energy-OT CVEs (Siemens SIPROTEC / SCALANCE, Rockwell ControlLogix / FactoryTalk, Schneider Electric Modicon / EcoStruxure, ABB RTU / SDM, GE Vernova Multilin / Mark VIe, Hitachi Energy MicroSCADA / RTU500, AVEVA / OSIsoft PI System) | varies | varies | Multiple KEV listings 2024–2026 | Mixed — vendor disclosure cadence | Increasing AI-assisted RE (2025 trend) | Targeted by Sandworm-aligned and Volt-Typhoon-aligned actors | Vendor-dependent; typical install lag 1–5 years | No — firmware updates require change windows | ICS-aware IDS signature lag varies |
+| Vendor-side energy-OT CVEs (Siemens SIPROTEC / SCALANCE, Rockwell ControlLogix / FactoryTalk, Schneider Electric Modicon / EcoStruxure, ABB RTU / SDM, GE Vernova Multilin / Mark VIe, Hitachi Energy MicroSCADA / RTU500, AVEVA / OSIsoft PI System) | varies | varies | Multiple KEV listings 2024–2026 | Mixed — vendor disclosure cadence | Increasing AI-assisted RE (2025 trend) | Targeted by Sandworm-aligned and Volt Typhoon-aligned actors | Vendor-dependent; typical install lag 1–5 years | No — firmware updates require change windows | ICS-aware IDS signature lag varies |
 | IEC 60870-5-104 / IEC 61850 protocol abuse (Industroyer / Industroyer2 class) | n/a — design-level | risk-modelled | n/a | Demonstrated in attributed campaigns | n/a | Confirmed (Ukraine grid, 2016 and 2022) | Mitigation only (IEC 62351 retrofit; conduit segmentation) | n/a | ICS-aware IDS with energy protocol decoders detects unusual control-block patterns; signatures for Industroyer2 are widely deployed |
 | DER inverter firmware / smart-inverter setpoint manipulation | emerging research; limited public CVEs | risk-modelled | n/a | Demonstrated in academic research | Mixed | Suspected in 2025 advanced campaigns; attribution incomplete | Vendor-dependent | No | Aggregator-side telemetry analytics; D3-NTA at DER aggregator boundary |
 | AMI / smart-meter mesh attacks | varies | varies | Limited KEV coverage | Some academic PoCs | n/a | Suspected; rarely attributed | Vendor-dependent firmware updates over the mesh | No | Vendor head-end analytics; weak external detection |
@@ -373,7 +373,7 @@ Ask: "Walk me through your IR playbook for a confirmed compromise of [pick one:
 - If the playbook is a copy-paste from the IT IR playbook: dangerous theater. IT IR defaults to isolate-and-rebuild; OT IR has cases where isolate causes more harm than the suspected compromise (continuous-cracker, certain power-generation modes, blast furnaces, certain water-treatment phases, ongoing pipeline flow, in-progress switching).
 - If the playbook does not name pre-decided authority for the OT-side response: theater. In a real incident the authority question is the bottleneck — pre-decide it.
 - If the playbook does not include process-safety engagement (the SIS / safety team participates in the IR decision, not just IT/OT cyber): theater for processes where safety is the controlling consideration.
-- Acceptable: per-asset-class IR playbook with explicit shutdown-vs-keep-running decision tree, pre-decided authority, process-safety integration, and tabletop-exercise evidence within the last 12 months including ICS-specific scenarios (Sandworm-style, Volt-Typhoon-style, ransomware-approaching-IDMZ).
+- Acceptable: per-asset-class IR playbook with explicit shutdown-vs-keep-running decision tree, pre-decided authority, process-safety integration, and tabletop-exercise evidence within the last 12 months including ICS-specific scenarios (Sandworm-style, Volt Typhoon-style, ransomware-approaching-IDMZ).
 ---

package/skills/sector-federal-government/skill.md CHANGED Viewed

@@ -144,7 +144,7 @@ Sourced from `data/cve-catalog.json`, `data/exploit-availability.json`, and CISA
 | Volt Typhoon pre-positioning (PRC nation-state, CISA/FBI/NSA joint advisories ongoing since May 2023) | N/A (campaign) | N/A | Yes — public IOC sets and TTP descriptions | Multiple component CVEs in KEV | Yes — AI-assisted lateral movement reported in adjacent campaigns | Living-off-the-land detection; rigorous identity ZT (M-22-09 pillar 1); network ZT (M-22-09 pillar 3); credential hygiene | Partially — FedRAMP ConMon detects only the cloud-tenant surface | Partially — CMMC AC + AU + IR families address detection but not pre-positioning specifically | No — SSDF is producer-side |
 | Salt Typhoon US telco intrusions (PRC nation-state, publicly disclosed late 2024) | N/A (campaign) | N/A | Yes — IOC sets and CISA/FBI joint advisories | Multiple component CVEs in KEV | Yes — large-scale exploitation of edge-device CVEs | Patch + replace EOL edge devices; lawful-intercept-interface hardening; segment carrier management plane | No — telco infrastructure outside FedRAMP scope | No — telco carriers outside CMMC scope | No |
 | SolarWinds Orion supply-chain compromise (CVE-2020-10148 + SUNBURST backdoor, historical reference) | 9.8 | not in current `data/cve-catalog.json` — pre-scope incident | Yes — fully post-disclosure | Yes (KEV at time of disclosure) | No — long-game manual TTP | Patch; rotate all credentials handled by affected Orion deployments; rebuild from clean state | Yes — FedRAMP-authorized SolarWinds Orion ATOs were impacted; ConMon did not detect the implanted update | Yes — DIB contractors using Orion were impacted; current 800-171 SI-3 / SI-4 controls would not have detected the implant | Partially — SLSA L3 + in-toto + reproducible builds would have detected the build-time tampering; SSDF self-attestation alone would not |
-| XZ Utils backdoor (CVE-2024-3094, historical reference 2024) | 10.0 | not in current `data/cve-catalog.json` — pre-scope incident | Yes — fully public post-disclosure | Yes (KEV at time of disclosure) | No — multi-year human social-engineering long game | Distro rollback to 5.4.x; key revocation in federal build pipelines | Indirectly — federal-procured Linux distros downstream of upstream sshd were exposed | Yes — DIB development environments built against affected distros were in scope | Partially — SSDF PS.1 / PS.2 reference dependency integrity; do not require SLSA L3 detection |
+| XZ Utils backdoor (CVE-2024-3094, 2024) | 10.0 | 70 (catalog: KEV 2024-04-03; active_exploitation=suspected; ai_discovered=false) | Yes — fully public post-disclosure | Yes — KEV 2024-04-03 | No — multi-year human social-engineering long game | Distro rollback to 5.4.x; key revocation in federal build pipelines | Indirectly — federal-procured Linux distros downstream of upstream sshd were exposed | Yes — DIB development environments built against affected distros were in scope | Partially — SSDF PS.1 / PS.2 reference dependency integrity; do not require SLSA L3 detection |
 | Typosquat against MCP / `@modelcontextprotocol/*` / Hugging Face namespaces targeting DIB AI developers (AML.T0010 class, ongoing) | N/A (technique class) | N/A | Yes — multiple public incidents | No (technique class) | Yes — AI assistants accelerate convincing tool-description authoring | Pin versions; verify publisher provenance; enforce private registry mirroring for CUI development environments | Limited | Partially — CMMC SC + SI families address some controls but MCP namespace specifically is not covered | Yes — SSDF practice PS.2 (software integrity) applies but does not specify the technique-class control |
 | AI-generated code committed to federal / DIB codebases without provenance markers (no CVE — class risk) | N/A | N/A | Pervasive | No | Yes — by definition | Commit-trailer provenance markers; PR-level attestation; in-CI AI-code detector; restricted federal-codebase AI tool allowlist | No — not within FedRAMP control set | No — CMMC Level 2 does not address AI-codegen provenance | No — SSDF does not specify AI-codegen attribution |
 | Edge / VPN appliance zero-days driving recent CISA Emergency Directives (ED 24-01 Ivanti Connect Secure class, ED 24-02 Microsoft / Midnight Blizzard, ongoing 2024-2026) | varies — multiple CVEs, most in KEV | varies | Yes — public PoCs typically within days | Yes | Yes — AI-assisted reverse engineering on appliance firmware reported | Vendor patch + agency-specific compensating controls per the ED text; ED-mandated actions within hours-to-days | Yes — affected appliances often within FedRAMP-authorized boundaries or boundary-adjacent | Yes — DIB contractors using affected appliances inherit the threat | Producer-side — appliance vendor SSDF attestations are downstream evidence |

package/skills/supply-chain-integrity/skill.md CHANGED Viewed

@@ -165,7 +165,7 @@ Sourced from `data/cve-catalog.json`, `data/exploit-availability.json`, and publ
 | Incident / Class | CVSS | RWEP | PoC Public? | CISA KEV? | AI-Accelerated? | Patch / Mitigation | SLSA-Detectable? | SBOM-Detectable? | VEX-Helpful? |
 |---|---|---|---|---|---|---|---|---|---|
 | CVE-2026-30615 (Windsurf MCP zero-interaction RCE) | 9.8 | 35 (see `cve-catalog.json`) | Partial conceptual exploit | No (architectural class) | No direct AI weaponization recorded; the attack rides on AI agent tool-call autonomy | Vendor IDE update + manifest signing | Partially — SLSA L3 on the MCP server build would attest the binary, but client-side trust verification is the actual control | Partially — SBOM lists the MCP server package; VEX from the publisher would mark unpatched versions as `affected` | Yes — CSAF 2.0 VEX from the vendor classifies versions |
-| XZ Utils backdoor (CVE-2024-3094, historical reference 2024) | 10.0 | not in current `data/cve-catalog.json` — pre-scope incident | Yes — fully public post-disclosure | Yes (KEV at time of disclosure) | No — multi-year human social-engineering long game | Distro rollback to 5.4.x; key revocation in build pipelines | Yes — SLSA L3 with reproducible builds would have detected divergence between source and binary | Partially — SBOM lists `xz` but not the modified release tarball provenance | Yes — VEX statements published rapidly after disclosure |
+| XZ Utils backdoor (CVE-2024-3094, 2024) | 10.0 | 70 (catalog: KEV 2024-04-03; active_exploitation=suspected; ai_discovered=false) | Yes — fully public post-disclosure | Yes — KEV 2024-04-03 | No — multi-year human social-engineering long game | Distro rollback to 5.4.x; key revocation in build pipelines | Yes — SLSA L3 with reproducible builds would have detected divergence between source and binary | Partially — SBOM lists `xz` but not the modified release tarball provenance | Yes — VEX statements published rapidly after disclosure |
 | Typosquat in `@modelcontextprotocol/*` namespace (AML.T0010 class, ongoing 2024-2026) | N/A (technique class) | N/A | Yes — multiple public incidents | No (technique class) | Yes — AI assistants accelerate convincing tool-description authoring | Mitigation only: pin versions, verify npm provenance attestation, enforce publisher allowlist | Yes — SLSA provenance from a known publisher fails for a typosquatted package | Yes — SBOM diff at install time flags new unrecognized package | Limited — VEX is about known vulns, not malicious-by-design packages |
 | Hugging Face poisoned model weights (AML.T0018, ongoing) | N/A (technique class) | N/A | Yes — public research demonstrations of RCE in model artifacts using code-executing serialization formats | No | Yes — adversarial weights via training-data poisoning is AI-accelerated | Reject code-executing serialization formats; require safetensors; verify Sigstore / OpenSSF model-signing signatures | Yes — SLSA-style attestation of model training run | Partial — ML-BOM (CycloneDX 1.6) inventories models; does not by itself attest integrity | Limited — VEX semantics map weakly to model integrity |
 | AI-coding-assistant generated code with no provenance markers (no CVE — class risk) | N/A | N/A | N/A — pervasive in 2024-2026 codebases | No | Yes — by definition | Mitigation: commit-message provenance markers, in-toto-style attestation that ties commit to model + prompt context | Partially — SLSA provenance can attest the human author of a commit; AI-co-author attribution is not standardized | No — SBOM does not currently inventory AI-generated code segments | Not applicable |