@blamejs/exceptd-skills 0.12.8 → 0.12.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +2 -2
- package/ARCHITECTURE.md +21 -5
- package/CHANGELOG.md +83 -0
- package/README.md +1 -1
- package/bin/exceptd.js +227 -17
- package/data/_indexes/_meta.json +16 -16
- package/data/_indexes/activity-feed.json +8 -8
- package/data/_indexes/catalog-summaries.json +1 -1
- package/data/_indexes/chains.json +11 -11
- package/data/_indexes/section-offsets.json +463 -355
- package/data/_indexes/token-budget.json +113 -53
- package/data/cve-catalog.json +34 -22
- package/data/playbooks/mcp.json +1 -0
- package/lib/playbook-runner.js +119 -35
- package/lib/prefetch.js +27 -6
- package/lib/refresh-external.js +7 -4
- package/manifest-snapshot.json +1 -1
- package/manifest.json +51 -51
- package/orchestrator/index.js +1 -1
- package/package.json +1 -1
- package/sbom.cdx.json +6 -6
- package/scripts/check-test-coverage.js +27 -6
- package/scripts/predeploy.js +7 -9
- package/skills/ai-attack-surface/skill.md +25 -0
- package/skills/ai-c2-detection/skill.md +24 -0
- package/skills/compliance-theater/skill.md +6 -0
- package/skills/exploit-scoring/skill.md +6 -0
- package/skills/mcp-agent-trust/skill.md +24 -0
- package/skills/policy-exception-gen/skill.md +6 -0
- package/skills/rag-pipeline-security/skill.md +28 -2
- package/skills/researcher/skill.md +6 -0
- package/skills/security-maturity-tiers/skill.md +6 -0
- package/skills/skill-update-loop/skill.md +6 -0
- package/skills/threat-model-currency/skill.md +4 -0
- package/skills/zeroday-gap-learn/skill.md +6 -0
|
@@ -12,8 +12,8 @@
|
|
|
12
12
|
"rwep": 90,
|
|
13
13
|
"cvss": 7.8,
|
|
14
14
|
"cisa_kev": true,
|
|
15
|
-
"epss_score": 0.
|
|
16
|
-
"epss_percentile": 0.
|
|
15
|
+
"epss_score": 0.0257,
|
|
16
|
+
"epss_percentile": 0.8569,
|
|
17
17
|
"referencing_skills": [
|
|
18
18
|
"kernel-lpe-triage",
|
|
19
19
|
"exploit-scoring",
|
|
@@ -271,10 +271,10 @@
|
|
|
271
271
|
"CVE-2026-43284": {
|
|
272
272
|
"name": "Dirty Frag (ESP/IPsec component)",
|
|
273
273
|
"rwep": 38,
|
|
274
|
-
"cvss":
|
|
274
|
+
"cvss": 8.8,
|
|
275
275
|
"cisa_kev": false,
|
|
276
|
-
"epss_score": 0.
|
|
277
|
-
"epss_percentile": 0.
|
|
276
|
+
"epss_score": 0.00007,
|
|
277
|
+
"epss_percentile": 0.0051,
|
|
278
278
|
"referencing_skills": [
|
|
279
279
|
"kernel-lpe-triage",
|
|
280
280
|
"pqc-first",
|
|
@@ -483,8 +483,8 @@
|
|
|
483
483
|
"rwep": 32,
|
|
484
484
|
"cvss": 7.6,
|
|
485
485
|
"cisa_kev": false,
|
|
486
|
-
"epss_score": 0.
|
|
487
|
-
"epss_percentile": 0.
|
|
486
|
+
"epss_score": 0.0001,
|
|
487
|
+
"epss_percentile": 0.0115,
|
|
488
488
|
"referencing_skills": [
|
|
489
489
|
"kernel-lpe-triage",
|
|
490
490
|
"pqc-first",
|
|
@@ -1251,9 +1251,9 @@
|
|
|
1251
1251
|
}
|
|
1252
1252
|
},
|
|
1253
1253
|
"CVE-2026-30615": {
|
|
1254
|
-
"name": "Windsurf MCP
|
|
1254
|
+
"name": "Windsurf MCP Local-Vector RCE via Adversarial Tool Response",
|
|
1255
1255
|
"rwep": 35,
|
|
1256
|
-
"cvss":
|
|
1256
|
+
"cvss": 8,
|
|
1257
1257
|
"cisa_kev": false,
|
|
1258
1258
|
"epss_score": 0.14,
|
|
1259
1259
|
"epss_percentile": 0.86,
|
|
@@ -1756,8 +1756,8 @@
|
|
|
1756
1756
|
"rwep": 45,
|
|
1757
1757
|
"cvss": 9.6,
|
|
1758
1758
|
"cisa_kev": false,
|
|
1759
|
-
"epss_score": 0.
|
|
1760
|
-
"epss_percentile": 0.
|
|
1759
|
+
"epss_score": 0.00039,
|
|
1760
|
+
"epss_percentile": 0.1179,
|
|
1761
1761
|
"referencing_skills": [],
|
|
1762
1762
|
"chain": {
|
|
1763
1763
|
"cwes": [],
|