@blamejs/exceptd-skills 0.12.6 → 0.12.8

package/skills/age-gates-child-safety/skill.md

@@ -39,6 +39,9 @@ framework_gaps:
   - ISO-27001-2022-A.8.30
   - NIST-800-53-AC-2
   - SOC2-CC6-logical-access
+  - NIS2-Art21-incident-handling
+  - UK-CAF-B2
+  - AU-Essential-8-MFA
 rfc_refs: []
 cwe_refs:
   - CWE-200

package/skills/ai-attack-surface/skill.md

@@ -39,6 +39,9 @@ framework_gaps:
   - OWASP-LLM-Top-10-2025-LLM01
   - OWASP-LLM-Top-10-2025-LLM02
   - SOC2-CC6-logical-access
+  - EU-AI-Act-Art-15
+  - UK-CAF-A1
+  - AU-Essential-8-App-Hardening
 cwe_refs:
   - CWE-1039
   - CWE-1426
@@ -46,7 +49,7 @@ cwe_refs:
 d3fend_refs:
   - D3-IOPR
   - D3-NTA
-last_threat_review: "2026-05-01"
+last_threat_review: "2026-05-13"
 ---
 
 # AI Attack Surface Assessment

package/skills/ai-c2-detection/skill.md

@@ -28,6 +28,11 @@ framework_gaps:
   - NIST-800-53-SC-7
   - ISO-27001-2022-A.8.16
   - SOC2-CC7-anomaly-detection
+  - NIS2-Art21-incident-handling
+  - UK-CAF-C1
+  - AU-Essential-8-App-Hardening
+cwe_refs:
+  - CWE-918
 rfc_refs:
   - RFC-8446
   - RFC-9180
@@ -43,7 +48,7 @@ d3fend_refs:
   - D3-NI
   - D3-NTA
   - D3-NTPM
-last_threat_review: "2026-05-01"
+last_threat_review: "2026-05-13"
 ---
 
 # AI C2 Detection

package/skills/ai-risk-management/skill.md

@@ -33,6 +33,9 @@ framework_gaps:
   - ISO-IEC-23894-2023-clause-7
   - NIST-AI-RMF-MEASURE-2.5
   - OWASP-LLM-Top-10-2025-LLM01
+  - EU-AI-Act-Art-15
+  - UK-CAF-A1
+  - AU-Essential-8-App-Hardening
 rfc_refs: []
 cwe_refs:
   - CWE-1426

package/skills/api-security/skill.md

@@ -36,6 +36,9 @@ framework_gaps:
   - NIST-800-218-SSDF
   - ISO-27001-2022-A.8.28
   - NIST-800-53-AC-2
+  - NIS2-Art21-incident-handling
+  - UK-CAF-B2
+  - AU-Essential-8-App-Hardening
 rfc_refs:
   - RFC-8446
   - RFC-9114

package/skills/attack-surface-pentest/skill.md

@@ -34,6 +34,9 @@ framework_gaps:
   - OWASP-Pen-Testing-Guide-v5
   - PTES-Pre-engagement
   - NIS2-Art21-patch-management
+  - ISO-27001-2022-A.8.8
+  - UK-CAF-A1
+  - AU-Essential-8-App-Hardening
 rfc_refs: []
 cwe_refs:
   - CWE-1395

package/skills/cloud-security/skill.md

@@ -38,6 +38,9 @@ framework_gaps:
   - ISO-27001-2022-A.8.30
   - SOC2-CC9-vendor-management
   - FedRAMP-Rev5-Moderate
+  - NIS2-Art21-incident-handling
+  - UK-CAF-B2
+  - AU-Essential-8-MFA
 rfc_refs:
   - RFC-8446
   - RFC-9180

package/skills/container-runtime-security/skill.md

@@ -38,6 +38,9 @@ framework_gaps:
   - NIST-800-53-CM-7
   - ISO-27001-2022-A.8.28
   - SLSA-v1.0-Build-L3
+  - NIS2-Art21-incident-handling
+  - UK-CAF-B2
+  - AU-Essential-8-App-Hardening
 rfc_refs:
   - RFC-8446
   - RFC-8032

package/skills/coordinated-vuln-disclosure/skill.md

@@ -29,7 +29,14 @@ framework_gaps:
   - NIST-800-218-SSDF
   - ISO-27001-2022-A.8.8
   - SOC2-CC9-vendor-management
-rfc_refs: []
+  - NIS2-Art21-incident-handling
+  - UK-CAF-D1
+  - AU-Essential-8-Patch
+rfc_refs:
+  - ISO-29147
+  - ISO-30111
+  - RFC-9116
+  - CSAF-2.0
 cwe_refs:
   - CWE-1357
 d3fend_refs: []

package/skills/defensive-countermeasure-mapping/skill.md

@@ -208,7 +208,7 @@ Zero-trust-compliant defense maps to controls that verify per request. Implicit-
 Example: "CVE — Linux kernel LPE. Canonical: CVE-2026-31431 (Copy Fail)."
 
 ## Offensive technique set (input to D3FEND query)
-- <AML.Txxxx / Txxxx / CWE-xxx list, with one-line descriptions>
+- <AML.T0001-or-similar / T0001-or-similar / CWE-<id> list, with one-line descriptions>
 
 ## Defensive-coverage map
 | D3FEND ID | Name | Tactic (DiD layer) | Privilege scope | ZT posture | Deployed? | AI-pipeline applicable? | Framework controls partially mapped | Live-tunable? |

package/skills/dlp-gap-analysis/skill.md

@@ -41,6 +41,9 @@ framework_gaps:
   - HIPAA-Security-Rule-164.312(a)(1)
   - SOC2-CC7-anomaly-detection
   - NIST-800-53-SC-28
+  - NIS2-Art21-incident-handling
+  - UK-CAF-C1
+  - AU-Essential-8-App-Hardening
 rfc_refs:
   - RFC-8446
   - RFC-9458

package/skills/email-security-anti-phishing/skill.md

@@ -39,7 +39,15 @@ framework_gaps:
   - NIST-800-53-SI-3
   - ISO-27001-2022-A.8.16
   - SOC2-CC7-anomaly-detection
-rfc_refs: []
+  - NIS2-Art21-incident-handling
+  - UK-CAF-C1
+  - AU-Essential-8-App-Hardening
+rfc_refs:
+  - RFC-7489
+  - RFC-6376
+  - RFC-7208
+  - RFC-8616
+  - RFC-8461
 cwe_refs: []
 d3fend_refs:
   - D3-NTA

package/skills/identity-assurance/skill.md

@@ -38,6 +38,9 @@ framework_gaps:
   - ISO-27001-2022-A.8.30
   - SOC2-CC6-logical-access
   - PSD2-RTS-SCA
+  - NIS2-Art21-incident-handling
+  - UK-CAF-B2
+  - AU-Essential-8-MFA
 rfc_refs:
   - RFC-7519
   - RFC-8725
@@ -52,7 +55,9 @@ cwe_refs:
   - CWE-798
   - CWE-862
   - CWE-863
-d3fend_refs: []
+d3fend_refs:
+  - D3-MFA
+  - D3-CSPP
 last_threat_review: "2026-05-11"
 ---
 

package/skills/incident-response-playbook/skill.md

@@ -37,7 +37,13 @@ framework_gaps:
   - NIST-800-53-AC-2
   - ISO-27001-2022-A.8.16
   - SOC2-CC7-anomaly-detection
-rfc_refs: []
+  - NIS2-Art21-incident-handling
+  - UK-CAF-D1
+  - AU-Essential-8-Backup
+rfc_refs:
+  - RFC-6545
+  - RFC-6546
+  - RFC-7970
 cwe_refs: []
 d3fend_refs:
   - D3-RPA
@@ -120,7 +126,7 @@ This skill is response-shaped — the TTPs below name the incident classes the p
 |---|---|---|---|---|
 | **T1486** | Data Encrypted for Impact | Ransomware | Identification: EDR file-encryption telemetry, share-mass-write pattern. Containment: network-segment isolation, identity revocation. Eradication: backup-validation-before-restore. Recovery: validated-restore + service-level verification. Lessons: feed to `zeroday-gap-learn` if initial access was a known CVE. | Detection coverage strong; identity-rotation maturity weak. NYDFS 24h ransom-payment clock and OFAC sanctions screening intersect at decision-to-pay. |
 | **T1041** | Exfiltration Over C2 Channel | Data exfiltration via established C2 | Identification: DLP egress, anomalous outbound bandwidth, beaconing patterns. Containment: egress filtering, certificate-pinned proxy. Eradication: C2 artifact removal. Recovery: identity + secrets rotation. Lessons: detection-engineering gap analysis. | EDR coverage variable; encrypted exfiltration to legitimate services (Box, OneDrive, S3) often missed by signature-based DLP. |
-| **T1567** | Exfiltration Over Web Service | Exfiltration via legitimate web/SaaS services including AI-API | Identification: web-egress to anomalous services or anomalous-volume to legitimate services; for AI-API channel pair with `ai-c2-detection`. Containment: egress block of identified channel, AI-API key revocation, MCP-server scope reduction. Eradication: identify exfiltrated dataset, follow data-incident sub-playbook. Recovery: re-key + re-issue access. | AI-API exfiltration (sub-technique T1567.xxx pattern; ATLAS overlap with AML.T0017) typically blends with legitimate traffic — see `ai-c2-detection` for content-layer detection. |
+| **T1567** | Exfiltration Over Web Service | Exfiltration via legitimate web/SaaS services including AI-API | Identification: web-egress to anomalous services or anomalous-volume to legitimate services; for AI-API channel pair with `ai-c2-detection`. Containment: egress block of identified channel, AI-API key revocation, MCP-server scope reduction. Eradication: identify exfiltrated dataset, follow data-incident sub-playbook. Recovery: re-key + re-issue access. | AI-API exfiltration (sub-technique T1567.<sub-technique-id> pattern; ATLAS overlap with AML.T0017) typically blends with legitimate traffic — see `ai-c2-detection` for content-layer detection. |
 | **T1078** | Valid Accounts | Identity compromise as initial access | Identification: anomalous-sign-in UEBA, impossible-travel, MFA-fatigue patterns. Containment: account disable + session revocation + re-authentication for affected blast radius. Eradication: credential rotation, token revocation, OAuth-grant audit, AI-agent service-account rotation. Recovery: re-issue under zero-trust posture. Lessons: identity-control gap analysis. | Dominant initial-access vector mid-2026; coverage strong for human accounts, weak for AI-agent / service-account / OAuth-app identities. |
 | **AML.T0096** | LLM API as C2 | AI-API as command-and-control channel (SesameOp pattern) | Identification: see `ai-c2-detection` skill — content-layer detection at the AI API egress boundary, prompt-and-response correlation, anomalous AI-API usage shape. Containment: AI-API egress block or proxy-mediated allowlist. Eradication: identify the agent or workload abusing the channel. Recovery: re-issue AI-API keys under scoped least-privilege. | Detection coverage near-absent in legacy SOC stacks; the AI traffic shape is novel and signatures do not exist for most enterprise SIEMs. |
 | **AML.T0017** | ML Model Exfiltration | Model weights, training data, or system-prompt extraction | Identification: anomalous inference-API usage patterns (high-volume queries, structured probing, membership-inference signatures, repeated training-data extraction prompts). Containment: rate-limit + API-key revocation + IP block. Eradication: identify attacker access surface; assess data sensitivity. Recovery: re-key, consider model-rotation if proprietary weights are at risk; for training-data exfiltration consider differential-privacy retraining. | No standardized detection signatures; org must build custom telemetry over AI inference APIs. |

package/skills/kernel-lpe-triage/skill.md

@@ -26,6 +26,8 @@ framework_gaps:
   - NIS2-Art21-patch-management
   - NIST-800-53-SC-8
   - CIS-Controls-v8-Control7
+  - UK-CAF-D1
+  - AU-Essential-8-Patch
 rfc_refs:
   - RFC-4301
   - RFC-4303
@@ -41,7 +43,7 @@ d3fend_refs:
   - D3-EAL
   - D3-PHRA
   - D3-PSEP
-last_threat_review: "2026-05-01"
+last_threat_review: "2026-05-13"
 ---
 
 # Kernel LPE Triage
@@ -134,6 +136,24 @@ Note: ATLAS refs are intentionally empty in frontmatter — these are Linux kern
 
 ---
 
+## Compliance Theater Check
+
+Run this check for any org claiming patch-management compliance for kernel LPE class CVEs:
+
+> "Your patch-management control (NIST SI-2 / ISO 27001:2022 A.8.8 / PCI-DSS v4 6.3.3 / NIS2 Art. 21(2)(g) / UK-CAF B4 / AU-ISM-1493) documents a 30-day remediation window for Critical/High CVEs. CVE-2026-31431 (Copy Fail) is CISA KEV listed with a public deterministic exploit requiring no privileges and KEV listing dated 2026-03-15. What is the actual time, on this fleet, between KEV listing and confirmed patch-or-mitigate for the affected kernel versions? If that interval exceeds 72 hours without live-patching as a deployed capability for the affected hosts, the patch-management control is theater for the KEV-class kernel-LPE threat surface."
+
+**Theater fingerprints (any of these reduces the control to paper compliance):**
+
+- Patch SLA is measured against advisory-publication date, not KEV-listing date — KEV listings are the operational signal that exploitation is happening now, and the SLA must trigger from there.
+- The fleet inventory cannot answer "which hosts run the affected kernel version" within minutes — without live inventory, the SLA cannot be measured.
+- Live-patching is described as "available" but no kernel was live-patched in the last 30 days — capability without operation is theater.
+- The compensating-controls plan for hosts that cannot be rebooted within SLA is undocumented or relies on controls the CVE PoC bypasses (e.g. AppArmor profiles where the exploit runs as the legitimate user).
+- "Patch management" includes only OS vendor patches, not third-party kernel modules or out-of-tree drivers — Dirty Frag RxRPC class lives in the network subsystem and is often patched on an asymmetric cadence.
+
+**Real requirement:** patch SLA anchored to KEV listing date, fleet inventory live enough to answer "affected hosts" in under 5 minutes, live-patching deployed and exercised in the prior 30 days, written compensating-controls plan that survives the PoC test, third-party kernel modules in scope.
+
+---
+
 ## Analysis Procedure
 
 When a user invokes this skill, perform this assessment in order:
@@ -156,10 +176,10 @@ Ask for or assess:
 Exposed if: kernel >= 4.14 AND kernel < [patched version for distribution]
 Patched versions:
   RHEL 8/9:        kernel-4.18.0-553.xx.el8 / kernel-5.14.0-427.xx.el9
-  Ubuntu 22.04:    linux-image-5.15.0-xxx (check USN-7xxx)
-  Ubuntu 24.04:    linux-image-6.8.0-xxx (check USN-7xxx)
+  Ubuntu 22.04:    linux-image-5.15.0-<patch-revision> (check USN-7<advisory-number>)
+  Ubuntu 24.04:    linux-image-6.8.0-xxx (check USN-7<advisory-number>)
   Debian 12:       6.1.xxx (check DSA-5xxx)
-  Amazon Linux 2:  kernel 5.10.xxx (check ALAS-2026-xxx)
+  Amazon Linux 2:  kernel 5.10.xxx (check ALAS-2026-<advisory-number>)
   SUSE 15:         kernel 5.14.xxx (check SUSE-SU-2026:xxx)
 ```
 

package/skills/mcp-agent-trust/skill.md

@@ -33,6 +33,9 @@ framework_gaps:
   - OWASP-LLM-Top-10-2025-LLM06
   - SOC2-CC9-vendor-management
   - SWIFT-CSCF-v2026-1.1
+  - EU-AI-Act-Art-15
+  - UK-CAF-A1
+  - AU-Essential-8-App-Hardening
 rfc_refs:
   - RFC-6749
   - RFC-7519
@@ -56,7 +59,7 @@ d3fend_refs:
   - D3-EAL
   - D3-EHB
   - D3-MFA
-last_threat_review: "2026-05-01"
+last_threat_review: "2026-05-13"
 ---
 
 # MCP Agent Trust Assessment

package/skills/mlops-security/skill.md

@@ -41,6 +41,9 @@ framework_gaps:
   - ISO-IEC-42001-2023-clause-6.1.2
   - NIST-AI-RMF-MEASURE-2.5
   - OWASP-LLM-Top-10-2025-LLM08
+  - EU-AI-Act-Art-15
+  - UK-CAF-A1
+  - AU-Essential-8-App-Hardening
 rfc_refs:
   - RFC-8032
 cwe_refs:

package/skills/ot-ics-security/skill.md

@@ -36,6 +36,9 @@ framework_gaps:
   - IEC-62443-3-3
   - NERC-CIP-007-6-R4
   - NIS2-Art21-patch-management
+  - ISO-27001-2022-A.8.8
+  - UK-CAF-B2
+  - AU-Essential-8-App-Hardening
 rfc_refs: []
 cwe_refs:
   - CWE-287

package/skills/rag-pipeline-security/skill.md

@@ -25,6 +25,9 @@ framework_gaps:
   - NIST-800-53-SI-12
   - NIST-AI-RMF-MEASURE-2.5
   - OWASP-LLM-Top-10-2025-LLM08
+  - EU-AI-Act-Art-15
+  - UK-CAF-A1
+  - AU-Essential-8-App-Hardening
 cwe_refs:
   - CWE-1395
   - CWE-1426

package/skills/sector-energy/skill.md

@@ -36,6 +36,9 @@ framework_gaps:
   - NIST-800-82r3
   - IEC-62443-3-3
   - NIS2-Art21-patch-management
+  - ISO-27001-2022-A.8.8
+  - UK-CAF-D1
+  - AU-Essential-8-Backup
 rfc_refs: []
 cwe_refs:
   - CWE-287

package/skills/sector-federal-government/skill.md

@@ -36,6 +36,9 @@ framework_gaps:
   - CMMC-2.0-Level-2
   - NIST-800-218-SSDF
   - SLSA-v1.0-Build-L3
+  - NIS2-Art21-incident-handling
+  - UK-CAF-A1
+  - AU-Essential-8-App-Hardening
 rfc_refs:
   - RFC-8032
   - RFC-8446

package/skills/sector-financial/skill.md

@@ -41,6 +41,9 @@ framework_gaps:
   - SWIFT-CSCF-v2026-1.1
   - NIST-800-53-AC-2
   - SOC2-CC6-logical-access
+  - NIS2-Art21-incident-handling
+  - UK-CAF-A1
+  - AU-Essential-8-MFA
 rfc_refs:
   - RFC-8446
   - RFC-7519

package/skills/sector-healthcare/skill.md

@@ -37,6 +37,9 @@ framework_gaps:
   - HITRUST-CSF-v11.4-09.l
   - ISO-27001-2022-A.8.30
   - NIST-800-53-AC-2
+  - NIS2-Art21-incident-handling
+  - UK-CAF-D1
+  - AU-Essential-8-Backup
 rfc_refs:
   - RFC-7519
   - RFC-9421

package/skills/security-maturity-tiers/skill.md

@@ -73,7 +73,7 @@ It outputs Tier 1 (MVP), Tier 2 (Practical), Tier 3 (Overkill) for that domain
    uname -r
    # Cross-reference against patched versions for your distro
    # RHEL: kernel >= 4.18.0-553.xx = patched
-   # Ubuntu 22.04: linux-image-5.15.0-xxx (check latest USN)
+   # Ubuntu 22.04: linux-image-5.15.0-<patch-revision> (check latest USN)
    ```
 
 2. **Deploy live kernel patches on exposed systems** (same day)
@@ -373,6 +373,24 @@ Year 1+:  Tier 3 — by domain, starting with highest-sensitivity data
 
 ---
 
+## Compliance Theater Check
+
+Apply this check to every maturity-tier engagement before recommending a roadmap:
+
+> "Your security program currently sits at Tier <N> by self-assessment for domain <D>. The compliance framework you cite (e.g. NIST CSF 2.0 / ISO 27001:2022 / NIS2 Art. 21 / UK-CAF / AU Essential 8) classifies your posture as <attested-tier>. If the threats now in scope for this domain (specific CVE / TTP from `data/cve-catalog.json` and `data/atlas-ttps.json`) include a class where the framework control is structurally insufficient (Hard Rule #2 framework-lag), then your attested tier and your operational tier diverge by exactly that gap. Which of the controls you would cite for your attested tier would survive a primary-source IoC test against the highest-RWEP CVE in scope?"
+
+**Theater fingerprints for tier conflation:**
+
+- The org has Tier 3 controls in one domain (e.g. SIEM with hundreds of alerts) but Tier 1 gaps in an adjacent domain (e.g. no kernel-LPE patch SLA on the SIEM host). The Tier 3 alert never fires because the underlying integrity is missing.
+- "Mature" is asserted on the basis of tool ownership, not behavior — HSMs purchased, never operationally rotated; ZTA architecture documented, default-allow policies in force; PQC algorithms in code, no key-rotation playbook.
+- The maturity model used is the org's own framework-attestation tier, not the lived operational tier — the audit report says Tier 3, the on-call says "what's that runbook again."
+- Tier-3 controls audited annually, Tier-1 controls (patching, MFA on privileged identities, secrets in git) never re-audited because they "passed once."
+- The roadmap promotes the org from Tier 1 to Tier 3 in a single budget cycle, skipping the Tier 2 operational work that converts point-in-time controls into continuous ones.
+
+**Real requirement:** maturity assessed per domain, not org-wide; the assessed tier matches operational behavior (not the audit attestation); promotion happens domain-by-domain with explicit Tier-2 instrumentation between Tier-1 controls and Tier-3 sophistication; the same CVE-anchored primary-source IoC test (Hard Rule #14) applies at every tier — if a Tier-3 control cannot defend against the published PoC of the highest-RWEP CVE in scope, the tier classification is theater.
+
+---
+
 ## The Anti-Pattern: Tier 3 Security Theater
 
 Tier 3 controls without Tier 1 and Tier 2 in place is its own form of theater.

package/skills/skill-update-loop/skill.md

@@ -41,6 +41,38 @@ This meta-skill manages the evolution of all other exceptd skills. It is the loo
 
 ---
 
+## Threat Context
+
+The threat context this skill defends against is not a specific adversary technique — it is the **drift attack against the platform's own currency**: an exceptd installation whose skills, catalogs, framework references, and ATLAS pins age silently between releases until the operator-facing analysis is calibrated to a threat model that no longer exists.
+
+Real-world manifestations in mid-2026:
+
+- ATLAS v5.1.0 (November 2025) added TTPs that bind to operational reality (AML.T0096 AI-API C2, AML.T0048 erode-integrity-via-drift). A skill pinned to ATLAS v4 cannot route these. **AML.T0010** family was expanded to cover MCP supply-chain compromise mid-cycle.
+- CVE-2026-31431 (Copy Fail) joined CISA KEV in 2026-03-15. Any skill whose `last_threat_review` predates that date and whose body recommends "patch on 30-day SLA" is recommending against a threat model that KEV escalated to days, not weeks.
+- NIST SP 800-63B updated PBKDF2 iteration guidance to ≥ 600,000 in 2022; many compliance attestations still cite the 2017 numbers. A skill that does not track that lag perpetuates the theater.
+- IETF RFC 9116 (security.txt) and the CSAF 2.0 transition both have hard cutover signals that change how `coordinated-vuln-disclosure` should advise.
+
+The decay is silent — no alert fires, no signature breaks, no test fails. Skill currency is only verifiable by running this update loop on a published cadence. Without it, **every other skill ships with a hidden expiration date.**
+
+---
+
+## TTP Mapping
+
+This skill defends against drift; the TTPs that EXPLOIT a drifted skill are:
+
+| Tactic | TTP | What drift enables |
+|---|---|---|
+| Defense Evasion | T1562.001 (Disable or Modify Tools) | Stale skill recommends only the controls the current adversary class already evades |
+| Resource Development | AML.T0016 (Develop Capabilities) | Attacker capability outpaces the catalog the skill cites |
+| Initial Access | AML.T0010 (Supply Chain Compromise) | New attack class (e.g. MCP plugin compromise) isn't yet a skill |
+| Defense Evasion | T1027 (Obfuscated Files or Information) | Detection rules in a skill are for an older obfuscation generation |
+| Impact | AML.T0048 (Erode ML Model Integrity) | Drift in the threat-context section means the operator's mental model is wrong by months |
+| Discovery | T1518 (Software Discovery) | The catalog the skill scans doesn't recognize the adversary's current tool inventory |
+
+The update loop does not detect these TTPs — it prevents the skill set from being *vulnerable* to them by structural staleness.
+
+---
+
 ## Why Skills Decay
 
 Security skills have a half-life. The specific decay mechanisms are:

package/skills/supply-chain-integrity/skill.md

@@ -42,6 +42,9 @@ framework_gaps:
   - SWIFT-CSCF-v2026-1.1
   - FedRAMP-Rev5-Moderate
   - CMMC-2.0-Level-2
+  - NIS2-Art21-incident-handling
+  - UK-CAF-A1
+  - AU-Essential-8-App-Hardening
 rfc_refs:
   - RFC-8032
 forward_watch:

package/skills/threat-modeling-methodology/skill.md

@@ -29,6 +29,9 @@ framework_gaps:
   - ISO-IEC-23894-2023-clause-7
   - ISO-IEC-42001-2023-clause-6.1.2
   - NIST-800-218-SSDF
+  - NIS2-Art21-incident-handling
+  - UK-CAF-A1
+  - AU-Essential-8-App-Hardening
 rfc_refs: []
 cwe_refs: []
 d3fend_refs: []

package/skills/webapp-security/skill.md

@@ -36,6 +36,9 @@ framework_gaps:
   - OWASP-LLM-Top-10-2025-LLM01
   - NIST-800-218-SSDF
   - ISO-27001-2022-A.8.28
+  - NIS2-Art21-incident-handling
+  - UK-CAF-B2
+  - AU-Essential-8-App-Hardening
 rfc_refs:
   - RFC-8446
   - RFC-9114