@blamejs/exceptd-skills 0.12.39 → 0.12.41

package/data/_indexes/frequency.json

@@ -2520,6 +2520,7 @@
       "AU-Essential-8-Backup",
       "AU-Essential-8-MFA",
       "AU-Essential-8-Patch",
+      "AU-ISM-1546",
       "CIS-Controls-v8-10.1",
       "DORA-Art-9",
       "DORA-Art28",
@@ -2537,9 +2538,11 @@
       "HIPAA-Security-Rule-2026-NPRM-164.310",
       "HIPAA-Security-Rule-2026-NPRM-164.312",
       "HIPAA-Security-Rule-2026-NPRM-164.314",
+      "ISO-27001-2022-A.5.7",
       "ISO-27001-2022-A.8.7",
       "NIS2-Art21-identity-management",
       "NIS2-Art21-incident-handling",
+      "NIS2-Art21-supply-chain",
       "NIS2-Art21-vulnerability-management",
       "NIST-800-53-AC-3",
       "NIST-800-53-AC-6",
@@ -2552,6 +2555,7 @@
       "PCI-DSS-4.0.1-6.4.3",
       "UK-CAF-A1",
       "UK-CAF-B2",
+      "UK-CAF-B4",
       "UK-CAF-C1",
       "UK-CAF-D1"
     ],

package/data/_indexes/section-offsets.json

@@ -3543,21 +3543,21 @@
     },
     "mlops-security": {
       "path": "skills/mlops-security/skill.md",
-      "total_bytes": 45439,
+      "total_bytes": 45463,
       "total_lines": 330,
       "frontmatter": {
         "line_start": 1,
         "line_end": 66,
         "byte_start": 0,
-        "byte_end": 2398
+        "byte_end": 2422
       },
       "sections": [
         {
           "name": "Threat Context (mid-2026)",
           "normalized_name": "threat-context",
           "line": 70,
-          "byte_start": 2437,
-          "byte_end": 8267,
+          "byte_start": 2461,
+          "byte_end": 8291,
           "bytes": 5830,
           "h3_count": 0
         },
@@ -3565,8 +3565,8 @@
           "name": "Framework Lag Declaration",
           "normalized_name": "framework-lag-declaration",
           "line": 88,
-          "byte_start": 8267,
-          "byte_end": 14049,
+          "byte_start": 8291,
+          "byte_end": 14073,
           "bytes": 5782,
           "h3_count": 0
         },
@@ -3574,8 +3574,8 @@
           "name": "TTP Mapping",
           "normalized_name": "ttp-mapping",
           "line": 112,
-          "byte_start": 14049,
-          "byte_end": 18425,
+          "byte_start": 14073,
+          "byte_end": 18449,
           "bytes": 4376,
           "h3_count": 0
         },
@@ -3583,8 +3583,8 @@
           "name": "Exploit Availability Matrix",
           "normalized_name": "exploit-availability-matrix",
           "line": 137,
-          "byte_start": 18425,
-          "byte_end": 23911,
+          "byte_start": 18449,
+          "byte_end": 23935,
           "bytes": 5486,
           "h3_count": 0
         },
@@ -3592,8 +3592,8 @@
           "name": "Analysis Procedure",
           "normalized_name": "analysis-procedure",
           "line": 163,
-          "byte_start": 23911,
-          "byte_end": 32980,
+          "byte_start": 23935,
+          "byte_end": 33004,
           "bytes": 9069,
           "h3_count": 4
         },
@@ -3601,8 +3601,8 @@
           "name": "Output Format",
           "normalized_name": "output-format",
           "line": 228,
-          "byte_start": 32980,
-          "byte_end": 35658,
+          "byte_start": 33004,
+          "byte_end": 35682,
           "bytes": 2678,
           "h3_count": 10
         },
@@ -3610,8 +3610,8 @@
           "name": "Compliance Theater Check",
           "normalized_name": "compliance-theater-check",
           "line": 281,
-          "byte_start": 35658,
-          "byte_end": 38589,
+          "byte_start": 35682,
+          "byte_end": 38613,
           "bytes": 2931,
           "h3_count": 0
         },
@@ -3619,8 +3619,8 @@
           "name": "Defensive Countermeasure Mapping",
           "normalized_name": "defensive-countermeasure-mapping",
           "line": 297,
-          "byte_start": 38589,
-          "byte_end": 42509,
+          "byte_start": 38613,
+          "byte_end": 42533,
           "bytes": 3920,
           "h3_count": 0
         },
@@ -3628,8 +3628,8 @@
           "name": "Hand-Off / Related Skills",
           "normalized_name": "hand-off",
           "line": 317,
-          "byte_start": 42509,
-          "byte_end": 45439,
+          "byte_start": 42533,
+          "byte_end": 45463,
           "bytes": 2930,
           "h3_count": 0
         }

package/data/_indexes/token-budget.json

@@ -3,8 +3,8 @@
     "schema_version": "1.0.0",
     "tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
     "approx_chars_per_token": 4,
-    "total_chars": 1591052,
-    "total_approx_tokens": 397769,
+    "total_chars": 1591076,
+    "total_approx_tokens": 397775,
     "skill_count": 42
   },
   "skills": {
@@ -2065,10 +2065,10 @@
     },
     "mlops-security": {
       "path": "skills/mlops-security/skill.md",
-      "bytes": 45439,
-      "chars": 45147,
+      "bytes": 45463,
+      "chars": 45171,
       "lines": 330,
-      "approx_tokens": 11287,
+      "approx_tokens": 11293,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {

package/data/cve-catalog.json

@@ -36,6 +36,16 @@
     },
     "vendor_advisory_field_added": "2026-05-11",
     "vendor_advisory_note": "Each CVE carries a structured vendor_advisories array (vendor, advisory_id, url, severity, published_date) for downstream consumers that route by vendor advisory. Unknown advisory IDs are null with the canonical vendor CVE-resolver URL — never fabricated. Existing free-form references are preserved in verification_sources; vendor_advisories is additive.",
+    "active_exploitation_vocabulary": {
+      "values": ["confirmed", "suspected", "theoretical", "none", "unknown"],
+      "definitions": {
+        "confirmed": "Active in-the-wild exploitation observed and attributed",
+        "suspected": "Indicators consistent with exploitation; attribution incomplete",
+        "theoretical": "Working PoC published; no confirmed exploitation",
+        "none": "No exploitation observed; vulnerability disclosed and patched",
+        "unknown": "Insufficient telemetry to classify"
+      }
+    },
     "ai_discovery_methodology": {
       "field_added": "2026-05-15",
       "agents_md_target": "Hard Rule #7 — '41% of 2025 zero-days were AI-discovered'. Catalog target rate floor: 0.40.",
@@ -1318,7 +1328,7 @@
       "NIST-800-53-SI-2": "30-day critical patch SLA is an exploitation window for a deterministic LPE with a public PoC. Module-unload mitigation is non-reboot and available immediately, but no SI-2 implementation requires it as a compensating control.",
       "ISO-27001-2022-A.8.8": "'Appropriate timescales' undefined; standard 30-day interpretation is unsafe for deterministic LPE with public PoC. No requirement to track kernel-module-blacklist as a compensating control.",
       "NIS2-Art21-patch-management": "Art. 21(2)(c) patch-management measures are undefined for fast-cycle kernel LPEs with public PoC. No guidance on module-blacklist as an interim measure.",
-      "DORA-Art9": "ICT incident management presumes vendor-patch cadence; module-unload as immediate mitigation has no place in the typical DORA evidence pack.",
+      "DORA-Art-9": "ICT incident management presumes vendor-patch cadence; module-unload as immediate mitigation has no place in the typical DORA evidence pack.",
       "UK-CAF-B4": "System security principle is silent on subsystem module disable as a compensating control for unpatched kernel LPE.",
       "AU-ISM-1546": "Essential 8 patch-applications maturity ladder anchors on advisory date, not on PoC availability. ML3 48h is still long for a deterministic public exploit.",
       "ISO-27001-2022-A.5.7": "Threat-intelligence control collects feeds but does not require the operational pivot (module unload) when intel shows a same-family sequel to a previously-patched bug."
@@ -1500,9 +1510,7 @@
     },
     "epss_score": 0.65,
     "epss_date": "2026-05-14",
-    "cwe_refs": [
-      "CWE-403"
-    ],
+    "cwe_refs": [],
     "source_verified": "2026-05-14",
     "verification_sources": [
       "https://nvd.nist.gov/vuln/detail/CVE-2024-21626",
@@ -1626,8 +1634,7 @@
     },
     "atlas_refs": [],
     "attack_refs": [
-      "T1611",
-      "T1547.006"
+      "T1611"
     ],
     "rwep_score": 30,
     "rwep_factors": {
@@ -1689,10 +1696,7 @@
     "atlas_refs": [
       "AML.T0016"
     ],
-    "attack_refs": [
-      "T1083",
-      "T1005"
-    ],
+    "attack_refs": [],
     "rwep_score": 30,
     "rwep_factors": {
       "cisa_kev": 0,
@@ -1834,7 +1838,6 @@
     "epss_score": 0.967,
     "epss_date": "2026-05-14",
     "cwe_refs": [
-      "CWE-119",
       "CWE-787"
     ],
     "source_verified": "2026-05-14",
@@ -1896,9 +1899,7 @@
     },
     "epss_score": 0.973,
     "epss_date": "2026-05-14",
-    "cwe_refs": [
-      "CWE-288"
-    ],
+    "cwe_refs": [],
     "source_verified": "2026-05-14",
     "verification_sources": [
       "https://nvd.nist.gov/vuln/detail/CVE-2024-1709",
@@ -2006,8 +2007,7 @@
     },
     "atlas_refs": [],
     "attack_refs": [
-      "T1525",
-      "T1046"
+      "T1525"
     ],
     "rwep_score": 30,
     "rwep_factors": {
@@ -2022,9 +2022,7 @@
     },
     "epss_score": 0.005,
     "epss_date": "2026-05-14",
-    "cwe_refs": [
-      "CWE-190"
-    ],
+    "cwe_refs": [],
     "source_verified": "2026-05-14",
     "verification_sources": [
       "https://nvd.nist.gov/vuln/detail/CVE-2024-40635",
@@ -2073,8 +2071,7 @@
       "NIS2-Art21-supply-chain": "Generic supply chain controls without npm-ecosystem-specific guidance."
     },
     "atlas_refs": [
-      "AML.T0010",
-      "AML.T0019"
+      "AML.T0010"
     ],
     "attack_refs": [
       "T1195.001",
@@ -2238,8 +2235,7 @@
     "epss_score": null,
     "epss_date": "2026-05-14",
     "cwe_refs": [
-      "CWE-287",
-      "CWE-841"
+      "CWE-287"
     ],
     "source_verified": "2026-05-14",
     "verification_sources": [
@@ -2597,8 +2593,7 @@
     },
     "atlas_refs": [],
     "attack_refs": [
-      "T1190",
-      "T1490"
+      "T1190"
     ],
     "rwep_score": 45,
     "rwep_factors": {
@@ -2737,8 +2732,7 @@
       "AML.T0040"
     ],
     "attack_refs": [
-      "T1190",
-      "T1505.003"
+      "T1190"
     ],
     "rwep_score": 40,
     "rwep_factors": {
@@ -2755,7 +2749,6 @@
     "epss_score": null,
     "epss_date": "2026-05-14",
     "cwe_refs": [
-      "CWE-122",
       "CWE-787"
     ],
     "source_verified": "2026-05-14",

package/data/exploit-availability.json

@@ -2,6 +2,7 @@
   "_meta": {
     "schema_version": "1.1.0",
     "last_updated": "2026-05-15",
+    "last_threat_review": "2026-05-17",
     "note": "Tracks PoC availability and weaponization stage per CVE. Update when status changes. last_verified must be within 90 days. v1.1.0 (2026-05-15): added ai_discovery_source enum + ai_assist_factor ladder (low|moderate|high|very_high) per AGENTS.md Hard Rule #7.",
     "tlp": "CLEAR",
     "source_confidence": {