@blamejs/exceptd-skills 0.12.7 → 0.12.9

package/skills/sector-healthcare/skill.md

@@ -37,6 +37,9 @@ framework_gaps:
   - HITRUST-CSF-v11.4-09.l
   - ISO-27001-2022-A.8.30
   - NIST-800-53-AC-2
+  - NIS2-Art21-incident-handling
+  - UK-CAF-D1
+  - AU-Essential-8-Backup
 rfc_refs:
   - RFC-7519
   - RFC-9421

package/skills/security-maturity-tiers/skill.md

@@ -38,6 +38,12 @@ Three tiers. Each is complete, not a stepping stone to the next. An organization
 
 ---
 
+## Frontmatter Scope
+
+The `atlas_refs`, `attack_refs`, and `framework_gaps` arrays are intentionally empty. This skill produces a roadmap shape that applies to *every* security domain the project covers (kernel patching, AI systems, cryptography, MCP, RAG, identity, supply chain, etc.). The three-tier roadmap is domain-agnostic; the domain-specific TTPs and framework gaps live in the downstream skill that owns the domain. Pinning a fixed subset here would falsely imply tier-mapping applies only to that subset.
+
+---
+
 ## How to Use This Skill
 
 This skill produces a three-column roadmap for any security domain. Tell it:
@@ -73,7 +79,7 @@ It outputs Tier 1 (MVP), Tier 2 (Practical), Tier 3 (Overkill) for that domain
    uname -r
    # Cross-reference against patched versions for your distro
    # RHEL: kernel >= 4.18.0-553.xx = patched
-   # Ubuntu 22.04: linux-image-5.15.0-xxx (check latest USN)
+   # Ubuntu 22.04: linux-image-5.15.0-<patch-revision> (check latest USN)
    ```
 
 2. **Deploy live kernel patches on exposed systems** (same day)
@@ -373,6 +379,24 @@ Year 1+:  Tier 3 — by domain, starting with highest-sensitivity data
 
 ---
 
+## Compliance Theater Check
+
+Apply this check to every maturity-tier engagement before recommending a roadmap:
+
+> "Your security program currently sits at Tier <N> by self-assessment for domain <D>. The compliance framework you cite (e.g. NIST CSF 2.0 / ISO 27001:2022 / NIS2 Art. 21 / UK-CAF / AU Essential 8) classifies your posture as <attested-tier>. If the threats now in scope for this domain (specific CVE / TTP from `data/cve-catalog.json` and `data/atlas-ttps.json`) include a class where the framework control is structurally insufficient (Hard Rule #2 framework-lag), then your attested tier and your operational tier diverge by exactly that gap. Which of the controls you would cite for your attested tier would survive a primary-source IoC test against the highest-RWEP CVE in scope?"
+
+**Theater fingerprints for tier conflation:**
+
+- The org has Tier 3 controls in one domain (e.g. SIEM with hundreds of alerts) but Tier 1 gaps in an adjacent domain (e.g. no kernel-LPE patch SLA on the SIEM host). The Tier 3 alert never fires because the underlying integrity is missing.
+- "Mature" is asserted on the basis of tool ownership, not behavior — HSMs purchased, never operationally rotated; ZTA architecture documented, default-allow policies in force; PQC algorithms in code, no key-rotation playbook.
+- The maturity model used is the org's own framework-attestation tier, not the lived operational tier — the audit report says Tier 3, the on-call says "what's that runbook again."
+- Tier-3 controls audited annually, Tier-1 controls (patching, MFA on privileged identities, secrets in git) never re-audited because they "passed once."
+- The roadmap promotes the org from Tier 1 to Tier 3 in a single budget cycle, skipping the Tier 2 operational work that converts point-in-time controls into continuous ones.
+
+**Real requirement:** maturity assessed per domain, not org-wide; the assessed tier matches operational behavior (not the audit attestation); promotion happens domain-by-domain with explicit Tier-2 instrumentation between Tier-1 controls and Tier-3 sophistication; the same CVE-anchored primary-source IoC test (Hard Rule #14) applies at every tier — if a Tier-3 control cannot defend against the published PoC of the highest-RWEP CVE in scope, the tier classification is theater.
+
+---
+
 ## The Anti-Pattern: Tier 3 Security Theater
 
 Tier 3 controls without Tier 1 and Tier 2 in place is its own form of theater.

package/skills/skill-update-loop/skill.md

@@ -41,6 +41,44 @@ This meta-skill manages the evolution of all other exceptd skills. It is the loo
 
 ---
 
+## Frontmatter Scope
+
+The `atlas_refs`, `attack_refs`, and `framework_gaps` arrays are intentionally empty. This skill operates on the *catalog and skill inventory itself* — it has no adversary TTP attached because its threat model is platform-currency drift, not an external adversary. Every TTP and framework-gap mapped by any other skill in the project is implicitly in scope for this loop's audit; pinning a subset would mis-bound the work.
+
+---
+
+## Threat Context
+
+The threat context this skill defends against is not a specific adversary technique — it is the **drift attack against the platform's own currency**: an exceptd installation whose skills, catalogs, framework references, and ATLAS pins age silently between releases until the operator-facing analysis is calibrated to a threat model that no longer exists.
+
+Real-world manifestations in mid-2026:
+
+- ATLAS v5.1.0 (November 2025) added TTPs that bind to operational reality (AML.T0096 AI-API C2, AML.T0048 erode-integrity-via-drift). A skill pinned to ATLAS v4 cannot route these. **AML.T0010** family was expanded to cover MCP supply-chain compromise mid-cycle.
+- CVE-2026-31431 (Copy Fail) joined CISA KEV in 2026-03-15. Any skill whose `last_threat_review` predates that date and whose body recommends "patch on 30-day SLA" is recommending against a threat model that KEV escalated to days, not weeks.
+- NIST SP 800-63B updated PBKDF2 iteration guidance to ≥ 600,000 in 2022; many compliance attestations still cite the 2017 numbers. A skill that does not track that lag perpetuates the theater.
+- IETF RFC 9116 (security.txt) and the CSAF 2.0 transition both have hard cutover signals that change how `coordinated-vuln-disclosure` should advise.
+
+The decay is silent — no alert fires, no signature breaks, no test fails. Skill currency is only verifiable by running this update loop on a published cadence. Without it, **every other skill ships with a hidden expiration date.**
+
+---
+
+## TTP Mapping
+
+This skill defends against drift; the TTPs that EXPLOIT a drifted skill are:
+
+| Tactic | TTP | What drift enables |
+|---|---|---|
+| Defense Evasion | T1562.001 (Disable or Modify Tools) | Stale skill recommends only the controls the current adversary class already evades |
+| Resource Development | AML.T0016 (Develop Capabilities) | Attacker capability outpaces the catalog the skill cites |
+| Initial Access | AML.T0010 (Supply Chain Compromise) | New attack class (e.g. MCP plugin compromise) isn't yet a skill |
+| Defense Evasion | T1027 (Obfuscated Files or Information) | Detection rules in a skill are for an older obfuscation generation |
+| Impact | AML.T0048 (Erode ML Model Integrity) | Drift in the threat-context section means the operator's mental model is wrong by months |
+| Discovery | T1518 (Software Discovery) | The catalog the skill scans doesn't recognize the adversary's current tool inventory |
+
+The update loop does not detect these TTPs — it prevents the skill set from being *vulnerable* to them by structural staleness.
+
+---
+
 ## Why Skills Decay
 
 Security skills have a half-life. The specific decay mechanisms are:

package/skills/supply-chain-integrity/skill.md

@@ -42,6 +42,9 @@ framework_gaps:
   - SWIFT-CSCF-v2026-1.1
   - FedRAMP-Rev5-Moderate
   - CMMC-2.0-Level-2
+  - NIS2-Art21-incident-handling
+  - UK-CAF-A1
+  - AU-Essential-8-App-Hardening
 rfc_refs:
   - RFC-8032
 forward_watch:

package/skills/threat-model-currency/skill.md

@@ -27,6 +27,10 @@ last_threat_review: "2026-05-01"
 
 # Threat Model Currency Assessment
 
+## Frontmatter Scope
+
+The `atlas_refs`, `attack_refs`, and `framework_gaps` arrays are intentionally empty. This skill is a meta-assessment of *every* threat model — its job is to surface gaps against the full 14-class mid-2026 landscape that downstream skills enumerate. Pinning a fixed TTP or framework-gap subset here would understate the assessment's actual coverage (every ATLAS / ATT&CK ID and every framework gap any other skill maps becomes an in-scope currency check). The 14 threat classes are listed in the body; each one references the downstream skill that carries the authoritative TTP and framework-gap IDs.
+
 ## Purpose
 
 Most organizational threat models were last substantially revised 2–4 years ago. They describe the threat landscape of 2021–2022: ransomware, supply chain (SolarWinds-era), cloud misconfiguration, credential phishing using template emails. This is not the 2026 threat landscape.

package/skills/threat-modeling-methodology/skill.md

@@ -29,6 +29,9 @@ framework_gaps:
   - ISO-IEC-23894-2023-clause-7
   - ISO-IEC-42001-2023-clause-6.1.2
   - NIST-800-218-SSDF
+  - NIS2-Art21-incident-handling
+  - UK-CAF-A1
+  - AU-Essential-8-App-Hardening
 rfc_refs: []
 cwe_refs: []
 d3fend_refs: []

package/skills/webapp-security/skill.md

@@ -36,6 +36,9 @@ framework_gaps:
   - OWASP-LLM-Top-10-2025-LLM01
   - NIST-800-218-SSDF
   - ISO-27001-2022-A.8.28
+  - NIS2-Art21-incident-handling
+  - UK-CAF-B2
+  - AU-Essential-8-App-Hardening
 rfc_refs:
   - RFC-8446
   - RFC-9114

package/skills/zeroday-gap-learn/skill.md

@@ -34,6 +34,12 @@ This skill runs the full learning loop: zero-day description → attack vector e
 
 ---
 
+## Frontmatter Scope
+
+The `atlas_refs`, `attack_refs`, and `framework_gaps` arrays are intentionally empty. This skill exists to *generate* TTP-to-gap mappings from incoming zero-days, not to consume a fixed set — its output flows back into `data/atlas-ttps.json` and `data/framework-control-gaps.json` as new entries. Pinning a static reference set here would mis-frame the loop: every TTP and gap mapped by any other skill is a legitimate input, and the skill's job is to produce the *next* entries, not to inherit a fixed subset.
+
+---
+
 ## Threat Context (mid-2026)
 
 The zero-day learning cycle has compressed. The frameworks have not.