@blamejs/exceptd-skills 0.12.41 → 0.13.0

Files changed (79)
  1. package/CHANGELOG.md +91 -0
  2. package/bin/exceptd.js +52 -44
  3. package/data/_indexes/_meta.json +47 -47
  4. package/data/_indexes/chains.json +485 -13
  5. package/data/_indexes/jurisdiction-map.json +15 -4
  6. package/data/_indexes/section-offsets.json +1244 -1244
  7. package/data/_indexes/token-budget.json +173 -173
  8. package/data/atlas-ttps.json +54 -11
  9. package/data/attack-techniques.json +113 -17
  10. package/data/cve-catalog.json +17 -24
  11. package/data/cwe-catalog.json +8 -2
  12. package/data/framework-control-gaps.json +13 -3
  13. package/data/playbooks/ai-api.json +5 -0
  14. package/data/playbooks/cicd-pipeline-compromise.json +970 -0
  15. package/data/playbooks/cloud-iam-incident.json +4 -1
  16. package/data/playbooks/cred-stores.json +10 -0
  17. package/data/playbooks/framework.json +16 -0
  18. package/data/playbooks/hardening.json +4 -0
  19. package/data/playbooks/identity-sso-compromise.json +951 -0
  20. package/data/playbooks/idp-incident.json +3 -0
  21. package/data/playbooks/kernel.json +6 -0
  22. package/data/playbooks/llm-tool-use-exfil.json +963 -0
  23. package/data/playbooks/mcp.json +6 -0
  24. package/data/playbooks/runtime.json +4 -0
  25. package/data/playbooks/sbom.json +13 -0
  26. package/data/playbooks/secrets.json +6 -0
  27. package/data/playbooks/webhook-callback-abuse.json +916 -0
  28. package/lib/cross-ref-api.js +33 -13
  29. package/lib/cve-curation.js +12 -1
  30. package/lib/exit-codes.js +29 -0
  31. package/lib/lint-skills.js +24 -2
  32. package/lib/refresh-external.js +10 -1
  33. package/lib/scoring.js +55 -0
  34. package/manifest.json +83 -83
  35. package/orchestrator/index.js +32 -24
  36. package/package.json +1 -1
  37. package/sbom.cdx.json +122 -78
  38. package/scripts/predeploy.js +7 -13
  39. package/scripts/refresh-reverse-refs.js +86 -0
  40. package/scripts/refresh-sbom.js +21 -4
  41. package/skills/age-gates-child-safety/skill.md +1 -5
  42. package/skills/ai-attack-surface/skill.md +11 -4
  43. package/skills/ai-c2-detection/skill.md +11 -2
  44. package/skills/ai-risk-management/skill.md +4 -2
  45. package/skills/api-security/skill.md +7 -8
  46. package/skills/attack-surface-pentest/skill.md +2 -2
  47. package/skills/cloud-iam-incident/skill.md +1 -5
  48. package/skills/cloud-security/skill.md +0 -4
  49. package/skills/compliance-theater/skill.md +10 -2
  50. package/skills/container-runtime-security/skill.md +1 -3
  51. package/skills/dlp-gap-analysis/skill.md +3 -4
  52. package/skills/email-security-anti-phishing/skill.md +1 -8
  53. package/skills/exploit-scoring/skill.md +7 -2
  54. package/skills/framework-gap-analysis/skill.md +1 -1
  55. package/skills/fuzz-testing-strategy/skill.md +1 -2
  56. package/skills/global-grc/skill.md +3 -2
  57. package/skills/identity-assurance/skill.md +1 -3
  58. package/skills/idp-incident-response/skill.md +1 -4
  59. package/skills/incident-response-playbook/skill.md +1 -5
  60. package/skills/kernel-lpe-triage/skill.md +2 -2
  61. package/skills/mcp-agent-trust/skill.md +13 -3
  62. package/skills/mlops-security/skill.md +2 -3
  63. package/skills/ot-ics-security/skill.md +0 -3
  64. package/skills/policy-exception-gen/skill.md +11 -3
  65. package/skills/pqc-first/skill.md +4 -2
  66. package/skills/rag-pipeline-security/skill.md +2 -0
  67. package/skills/ransomware-response/skill.md +1 -5
  68. package/skills/researcher/skill.md +4 -3
  69. package/skills/sector-energy/skill.md +0 -4
  70. package/skills/sector-federal-government/skill.md +2 -3
  71. package/skills/sector-financial/skill.md +1 -4
  72. package/skills/sector-healthcare/skill.md +0 -5
  73. package/skills/sector-telecom/skill.md +0 -4
  74. package/skills/security-maturity-tiers/skill.md +1 -2
  75. package/skills/skill-update-loop/skill.md +4 -3
  76. package/skills/supply-chain-integrity/skill.md +4 -3
  77. package/skills/threat-model-currency/skill.md +1 -1
  78. package/skills/threat-modeling-methodology/skill.md +2 -1
  79. package/skills/webapp-security/skill.md +0 -5
@@ -63,6 +63,7 @@
63
63
  "defensive-countermeasure-mapping",
64
64
  "dlp-gap-analysis",
65
65
  "email-security-anti-phishing",
66
+ "exploit-scoring",
66
67
  "framework-gap-analysis",
67
68
  "fuzz-testing-strategy",
68
69
  "global-grc",
@@ -73,6 +74,7 @@
73
74
  "mcp-agent-trust",
74
75
  "mlops-security",
75
76
  "ot-ics-security",
77
+ "policy-exception-gen",
76
78
  "pqc-first",
77
79
  "rag-pipeline-security",
78
80
  "ransomware-response",
@@ -91,7 +93,7 @@
91
93
  "zeroday-gap-learn"
92
94
  ],
93
95
  "example_excerpts": {},
94
- "skill_count": 40
96
+ "skill_count": 42
95
97
  },
96
98
  "AU": {
97
99
  "skills": [
@@ -120,6 +122,7 @@
120
122
  "mcp-agent-trust",
121
123
  "mlops-security",
122
124
  "ot-ics-security",
125
+ "policy-exception-gen",
123
126
  "pqc-first",
124
127
  "rag-pipeline-security",
125
128
  "ransomware-response",
@@ -138,7 +141,7 @@
138
141
  "zeroday-gap-learn"
139
142
  ],
140
143
  "example_excerpts": {},
141
- "skill_count": 41
144
+ "skill_count": 42
142
145
  },
143
146
  "SG": {
144
147
  "skills": [
@@ -548,21 +551,29 @@
548
551
  "EU_DE_BSI": {
549
552
  "skills": [
550
553
  "age-gates-child-safety",
554
+ "ai-attack-surface",
555
+ "ai-c2-detection",
551
556
  "cloud-security",
557
+ "compliance-theater",
552
558
  "coordinated-vuln-disclosure",
553
559
  "fuzz-testing-strategy",
560
+ "mcp-agent-trust",
554
561
  "pqc-first"
555
562
  ],
556
563
  "example_excerpts": {},
557
- "skill_count": 5
564
+ "skill_count": 9
558
565
  },
559
566
  "EU_FR_ANSSI": {
560
567
  "skills": [
568
+ "ai-attack-surface",
569
+ "ai-c2-detection",
561
570
  "cloud-security",
571
+ "compliance-theater",
572
+ "mcp-agent-trust",
562
573
  "pqc-first"
563
574
  ],
564
575
  "example_excerpts": {},
565
- "skill_count": 2
576
+ "skill_count": 6
566
577
  },
567
578
  "EU_ES_AEPD": {
568
579
  "skills": [