@blamejs/exceptd-skills 0.13.1 → 0.13.3

Files changed (41)
  1. package/CHANGELOG.md +73 -0
  2. package/bin/exceptd.js +140 -7
  3. package/data/_indexes/_meta.json +28 -28
  4. package/data/_indexes/activity-feed.json +3 -3
  5. package/data/_indexes/catalog-summaries.json +3 -3
  6. package/data/_indexes/chains.json +1897 -88
  7. package/data/_indexes/frequency.json +20 -0
  8. package/data/_indexes/section-offsets.json +574 -574
  9. package/data/_indexes/token-budget.json +97 -97
  10. package/data/atlas-ttps.json +2 -0
  11. package/data/attack-techniques.json +24 -3
  12. package/data/cve-catalog.json +96 -29
  13. package/data/cwe-catalog.json +20 -3
  14. package/data/framework-control-gaps.json +700 -1
  15. package/data/zeroday-lessons.json +889 -0
  16. package/lib/lint-skills.js +54 -1
  17. package/lib/source-advisories.js +26 -0
  18. package/manifest.json +62 -62
  19. package/orchestrator/index.js +155 -3
  20. package/package.json +1 -1
  21. package/sbom.cdx.json +50 -39
  22. package/scripts/check-test-count.js +146 -0
  23. package/scripts/predeploy.js +16 -0
  24. package/skills/age-gates-child-safety/skill.md +1 -0
  25. package/skills/ai-risk-management/skill.md +1 -0
  26. package/skills/api-security/skill.md +14 -4
  27. package/skills/cloud-iam-incident/skill.md +1 -1
  28. package/skills/defensive-countermeasure-mapping/skill.md +1 -0
  29. package/skills/email-security-anti-phishing/skill.md +15 -4
  30. package/skills/fuzz-testing-strategy/skill.md +1 -0
  31. package/skills/mlops-security/skill.md +1 -0
  32. package/skills/ot-ics-security/skill.md +1 -0
  33. package/skills/researcher/skill.md +1 -0
  34. package/skills/sector-energy/skill.md +1 -0
  35. package/skills/sector-federal-government/skill.md +1 -0
  36. package/skills/sector-telecom/skill.md +1 -0
  37. package/skills/skill-update-loop/skill.md +1 -0
  38. package/skills/threat-model-currency/skill.md +1 -0
  39. package/skills/threat-modeling-methodology/skill.md +1 -0
  40. package/skills/webapp-security/skill.md +1 -0
  41. package/skills/zeroday-gap-learn/skill.md +1 -0
@@ -3,8 +3,8 @@
3
3
  "schema_version": "1.0.0",
4
4
  "tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
5
5
  "approx_chars_per_token": 4,
6
- "total_chars": 1610543,
7
- "total_approx_tokens": 402643,
6
+ "total_chars": 1617909,
7
+ "total_approx_tokens": 404483,
8
8
  "skill_count": 42
9
9
  },
10
10
  "skills": {
@@ -555,10 +555,10 @@
555
555
  },
556
556
  "threat-model-currency": {
557
557
  "path": "skills/threat-model-currency/skill.md",
558
- "bytes": 27330,
559
- "chars": 27218,
560
- "lines": 411,
561
- "approx_tokens": 6805,
558
+ "bytes": 27509,
559
+ "chars": 27397,
560
+ "lines": 412,
561
+ "approx_tokens": 6849,
562
562
  "approx_chars_per_token": 4,
563
563
  "sections": {
564
564
  "frontmatter-scope": {
@@ -680,10 +680,10 @@
680
680
  },
681
681
  "zeroday-gap-learn": {
682
682
  "path": "skills/zeroday-gap-learn/skill.md",
683
- "bytes": 37609,
684
- "chars": 37453,
685
- "lines": 444,
686
- "approx_tokens": 9363,
683
+ "bytes": 37784,
684
+ "chars": 37628,
685
+ "lines": 445,
686
+ "approx_tokens": 9407,
687
687
  "approx_chars_per_token": 4,
688
688
  "sections": {
689
689
  "frontmatter-scope": {
@@ -820,10 +820,10 @@
820
820
  },
821
821
  "skill-update-loop": {
822
822
  "path": "skills/skill-update-loop/skill.md",
823
- "bytes": 47134,
824
- "chars": 47002,
825
- "lines": 519,
826
- "approx_tokens": 11751,
823
+ "bytes": 47309,
824
+ "chars": 47177,
825
+ "lines": 520,
826
+ "approx_tokens": 11794,
827
827
  "approx_chars_per_token": 4,
828
828
  "sections": {
829
829
  "frontmatter-scope": {
@@ -980,10 +980,10 @@
980
980
  },
981
981
  "researcher": {
982
982
  "path": "skills/researcher/skill.md",
983
- "bytes": 32058,
984
- "chars": 31886,
985
- "lines": 335,
986
- "approx_tokens": 7972,
983
+ "bytes": 32226,
984
+ "chars": 32054,
985
+ "lines": 336,
986
+ "approx_tokens": 8014,
987
987
  "approx_chars_per_token": 4,
988
988
  "sections": {
989
989
  "frontmatter-scope": {
@@ -1085,10 +1085,10 @@
1085
1085
  },
1086
1086
  "fuzz-testing-strategy": {
1087
1087
  "path": "skills/fuzz-testing-strategy/skill.md",
1088
- "bytes": 30523,
1089
- "chars": 30382,
1090
- "lines": 313,
1091
- "approx_tokens": 7596,
1088
+ "bytes": 30702,
1089
+ "chars": 30561,
1090
+ "lines": 314,
1091
+ "approx_tokens": 7640,
1092
1092
  "approx_chars_per_token": 4,
1093
1093
  "sections": {
1094
1094
  "threat-context": {
@@ -1235,10 +1235,10 @@
1235
1235
  },
1236
1236
  "defensive-countermeasure-mapping": {
1237
1237
  "path": "skills/defensive-countermeasure-mapping/skill.md",
1238
- "bytes": 32601,
1239
- "chars": 32465,
1240
- "lines": 301,
1241
- "approx_tokens": 8116,
1238
+ "bytes": 32791,
1239
+ "chars": 32655,
1240
+ "lines": 302,
1241
+ "approx_tokens": 8164,
1242
1242
  "approx_chars_per_token": 4,
1243
1243
  "sections": {
1244
1244
  "threat-context": {
@@ -1340,10 +1340,10 @@
1340
1340
  },
1341
1341
  "ot-ics-security": {
1342
1342
  "path": "skills/ot-ics-security/skill.md",
1343
- "bytes": 36266,
1344
- "chars": 36070,
1345
- "lines": 341,
1346
- "approx_tokens": 9018,
1343
+ "bytes": 36439,
1344
+ "chars": 36243,
1345
+ "lines": 342,
1346
+ "approx_tokens": 9061,
1347
1347
  "approx_chars_per_token": 4,
1348
1348
  "sections": {
1349
1349
  "threat-context": {
@@ -1450,10 +1450,10 @@
1450
1450
  },
1451
1451
  "threat-modeling-methodology": {
1452
1452
  "path": "skills/threat-modeling-methodology/skill.md",
1453
- "bytes": 30617,
1454
- "chars": 30440,
1455
- "lines": 317,
1456
- "approx_tokens": 7610,
1453
+ "bytes": 30802,
1454
+ "chars": 30625,
1455
+ "lines": 318,
1456
+ "approx_tokens": 7656,
1457
1457
  "approx_chars_per_token": 4,
1458
1458
  "sections": {
1459
1459
  "purpose": {
@@ -1510,10 +1510,10 @@
1510
1510
  },
1511
1511
  "webapp-security": {
1512
1512
  "path": "skills/webapp-security/skill.md",
1513
- "bytes": 28963,
1514
- "chars": 28789,
1515
- "lines": 282,
1516
- "approx_tokens": 7197,
1513
+ "bytes": 29136,
1514
+ "chars": 28962,
1515
+ "lines": 283,
1516
+ "approx_tokens": 7241,
1517
1517
  "approx_chars_per_token": 4,
1518
1518
  "sections": {
1519
1519
  "threat-context": {
@@ -1565,10 +1565,10 @@
1565
1565
  },
1566
1566
  "ai-risk-management": {
1567
1567
  "path": "skills/ai-risk-management/skill.md",
1568
- "bytes": 34753,
1569
- "chars": 34571,
1570
- "lines": 320,
1571
- "approx_tokens": 8643,
1568
+ "bytes": 34929,
1569
+ "chars": 34747,
1570
+ "lines": 321,
1571
+ "approx_tokens": 8687,
1572
1572
  "approx_chars_per_token": 4,
1573
1573
  "sections": {
1574
1574
  "purpose": {
@@ -1735,10 +1735,10 @@
1735
1735
  },
1736
1736
  "sector-federal-government": {
1737
1737
  "path": "skills/sector-federal-government/skill.md",
1738
- "bytes": 44140,
1739
- "chars": 43967,
1740
- "lines": 305,
1741
- "approx_tokens": 10992,
1738
+ "bytes": 44323,
1739
+ "chars": 44150,
1740
+ "lines": 306,
1741
+ "approx_tokens": 11038,
1742
1742
  "approx_chars_per_token": 4,
1743
1743
  "sections": {
1744
1744
  "threat-context": {
@@ -1790,10 +1790,10 @@
1790
1790
  },
1791
1791
  "sector-energy": {
1792
1792
  "path": "skills/sector-energy/skill.md",
1793
- "bytes": 53906,
1794
- "chars": 53698,
1795
- "lines": 409,
1796
- "approx_tokens": 13425,
1793
+ "bytes": 54077,
1794
+ "chars": 53869,
1795
+ "lines": 410,
1796
+ "approx_tokens": 13467,
1797
1797
  "approx_chars_per_token": 4,
1798
1798
  "sections": {
1799
1799
  "threat-context": {
@@ -1845,10 +1845,10 @@
1845
1845
  },
1846
1846
  "sector-telecom": {
1847
1847
  "path": "skills/sector-telecom/skill.md",
1848
- "bytes": 20690,
1849
- "chars": 20590,
1850
- "lines": 256,
1851
- "approx_tokens": 5148,
1848
+ "bytes": 20862,
1849
+ "chars": 20762,
1850
+ "lines": 257,
1851
+ "approx_tokens": 5191,
1852
1852
  "approx_chars_per_token": 4,
1853
1853
  "sections": {
1854
1854
  "threat-context": {
@@ -1900,10 +1900,10 @@
1900
1900
  },
1901
1901
  "api-security": {
1902
1902
  "path": "skills/api-security/skill.md",
1903
- "bytes": 37397,
1904
- "chars": 37162,
1905
- "lines": 294,
1906
- "approx_tokens": 9291,
1903
+ "bytes": 39261,
1904
+ "chars": 39026,
1905
+ "lines": 304,
1906
+ "approx_tokens": 9757,
1907
1907
  "approx_chars_per_token": 4,
1908
1908
  "sections": {
1909
1909
  "threat-context": {
@@ -1917,9 +1917,9 @@
1917
1917
  "approx_tokens": 1320
1918
1918
  },
1919
1919
  "ttp-mapping": {
1920
- "bytes": 2299,
1921
- "chars": 2269,
1922
- "approx_tokens": 567
1920
+ "bytes": 2750,
1921
+ "chars": 2720,
1922
+ "approx_tokens": 680
1923
1923
  },
1924
1924
  "exploit-availability-matrix": {
1925
1925
  "bytes": 4468,
@@ -1927,9 +1927,9 @@
1927
1927
  "approx_tokens": 1103
1928
1928
  },
1929
1929
  "analysis-procedure": {
1930
- "bytes": 7799,
1931
- "chars": 7756,
1932
- "approx_tokens": 1939
1930
+ "bytes": 8479,
1931
+ "chars": 8436,
1932
+ "approx_tokens": 2109
1933
1933
  },
1934
1934
  "output-format": {
1935
1935
  "bytes": 3718,
@@ -1942,9 +1942,9 @@
1942
1942
  "approx_tokens": 587
1943
1943
  },
1944
1944
  "defensive-countermeasure-mapping": {
1945
- "bytes": 3238,
1946
- "chars": 3218,
1947
- "approx_tokens": 805
1945
+ "bytes": 3826,
1946
+ "chars": 3806,
1947
+ "approx_tokens": 952
1948
1948
  },
1949
1949
  "hand-off": {
1950
1950
  "bytes": 1205,
@@ -2065,10 +2065,10 @@
2065
2065
  },
2066
2066
  "mlops-security": {
2067
2067
  "path": "skills/mlops-security/skill.md",
2068
- "bytes": 45439,
2069
- "chars": 45147,
2070
- "lines": 329,
2071
- "approx_tokens": 11287,
2068
+ "bytes": 45611,
2069
+ "chars": 45319,
2070
+ "lines": 330,
2071
+ "approx_tokens": 11330,
2072
2072
  "approx_chars_per_token": 4,
2073
2073
  "sections": {
2074
2074
  "threat-context": {
@@ -2230,10 +2230,10 @@
2230
2230
  },
2231
2231
  "email-security-anti-phishing": {
2232
2232
  "path": "skills/email-security-anti-phishing/skill.md",
2233
- "bytes": 26370,
2234
- "chars": 26272,
2235
- "lines": 208,
2236
- "approx_tokens": 6568,
2233
+ "bytes": 29232,
2234
+ "chars": 29116,
2235
+ "lines": 219,
2236
+ "approx_tokens": 7279,
2237
2237
  "approx_chars_per_token": 4,
2238
2238
  "sections": {
2239
2239
  "threat-context": {
@@ -2242,14 +2242,14 @@
2242
2242
  "approx_tokens": 1104
2243
2243
  },
2244
2244
  "framework-lag-declaration": {
2245
- "bytes": 3683,
2246
- "chars": 3680,
2247
- "approx_tokens": 920
2245
+ "bytes": 4082,
2246
+ "chars": 4077,
2247
+ "approx_tokens": 1019
2248
2248
  },
2249
2249
  "ttp-mapping": {
2250
- "bytes": 1420,
2251
- "chars": 1414,
2252
- "approx_tokens": 354
2250
+ "bytes": 2092,
2251
+ "chars": 2080,
2252
+ "approx_tokens": 520
2253
2253
  },
2254
2254
  "exploit-availability-matrix": {
2255
2255
  "bytes": 1840,
@@ -2257,9 +2257,9 @@
2257
2257
  "approx_tokens": 460
2258
2258
  },
2259
2259
  "analysis-procedure": {
2260
- "bytes": 6759,
2261
- "chars": 6735,
2262
- "approx_tokens": 1684
2260
+ "bytes": 7442,
2261
+ "chars": 7416,
2262
+ "approx_tokens": 1854
2263
2263
  },
2264
2264
  "output-format": {
2265
2265
  "bytes": 1821,
@@ -2272,9 +2272,9 @@
2272
2272
  "approx_tokens": 450
2273
2273
  },
2274
2274
  "defensive-countermeasure-mapping": {
2275
- "bytes": 2431,
2276
- "chars": 2419,
2277
- "approx_tokens": 605
2275
+ "bytes": 3207,
2276
+ "chars": 3187,
2277
+ "approx_tokens": 797
2278
2278
  },
2279
2279
  "hand-off": {
2280
2280
  "bytes": 1135,
@@ -2285,10 +2285,10 @@
2285
2285
  },
2286
2286
  "age-gates-child-safety": {
2287
2287
  "path": "skills/age-gates-child-safety/skill.md",
2288
- "bytes": 69560,
2289
- "chars": 69272,
2290
- "lines": 456,
2291
- "approx_tokens": 17318,
2288
+ "bytes": 69740,
2289
+ "chars": 69452,
2290
+ "lines": 457,
2291
+ "approx_tokens": 17363,
2292
2292
  "approx_chars_per_token": 4,
2293
2293
  "sections": {
2294
2294
  "threat-context": {
@@ -2340,16 +2340,16 @@
2340
2340
  },
2341
2341
  "cloud-iam-incident": {
2342
2342
  "path": "skills/cloud-iam-incident/skill.md",
2343
- "bytes": 44467,
2344
- "chars": 44309,
2343
+ "bytes": 44474,
2344
+ "chars": 44316,
2345
2345
  "lines": 416,
2346
- "approx_tokens": 11077,
2346
+ "approx_tokens": 11079,
2347
2347
  "approx_chars_per_token": 4,
2348
2348
  "sections": {
2349
2349
  "threat-context": {
2350
- "bytes": 5786,
2351
- "chars": 5772,
2352
- "approx_tokens": 1443
2350
+ "bytes": 5793,
2351
+ "chars": 5779,
2352
+ "approx_tokens": 1445
2353
2353
  },
2354
2354
  "framework-lag-declaration": {
2355
2355
  "bytes": 6316,
@@ -85,6 +85,7 @@
85
85
  "maturity": "high",
86
86
  "last_verified": "2026-05-15",
87
87
  "cve_refs": [
88
+ "CVE-2026-30623",
88
89
  "CVE-2026-42945"
89
90
  ]
90
91
  },
@@ -163,6 +164,7 @@
163
164
  "maturity": "moderate",
164
165
  "last_verified": "2026-05-15",
165
166
  "cve_refs": [
167
+ "CVE-2023-43472",
166
168
  "CVE-2026-30615"
167
169
  ]
168
170
  },
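Review bot: `"last_verified"` stays at `"2026-05-15"` on both entries whose `cve_refs` gain an ID here (`CVE-2026-30623` in the first hunk, `CVE-2023-43472` in the second). The field's semantics are not visible in these hunks, but if it records when an entry's mappings were last checked, a consumer filtering on freshness cannot tell that the reference set changed in this release (unless the release was cut on that same date). Either bump the date whenever `cve_refs` is edited, or state in the schema that `last_verified` covers only the technique metadata and not its CVE links. Both entries begin above their hunks, so the technique IDs they belong to are not shown.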
@@ -99,8 +99,10 @@
99
99
  "DS0017"
100
100
  ],
101
101
  "cve_refs": [
102
+ "CVE-2025-11837",
102
103
  "CVE-2025-53773",
103
104
  "CVE-2026-30615",
105
+ "CVE-2026-30623",
104
106
  "CVE-2026-32202",
105
107
  "CVE-2026-39884",
106
108
  "CVE-2026-39987",
@@ -133,6 +135,7 @@
133
135
  "name": "Exploitation for Privilege Escalation",
134
136
  "version": "v19",
135
137
  "cve_refs": [
138
+ "CVE-2025-62849",
136
139
  "CVE-2026-0300",
137
140
  "CVE-2026-31431",
138
141
  "CVE-2026-33825",
@@ -151,6 +154,9 @@
151
154
  "name": "Valid Accounts",
152
155
  "version": "v19",
153
156
  "cve_refs": [
157
+ "CVE-2020-10148",
158
+ "CVE-2024-1709",
159
+ "CVE-2026-20182",
154
160
  "CVE-2026-33825",
155
161
  "CVE-2026-39884",
156
162
  "CVE-2026-42897",
@@ -211,6 +217,7 @@
211
217
  "name": "External Remote Services",
212
218
  "version": "v19",
213
219
  "cve_refs": [
220
+ "CVE-2024-21762",
214
221
  "CVE-2026-0300",
215
222
  "CVE-2026-39987"
216
223
  ]
@@ -223,8 +230,17 @@
223
230
  "name": "Exploit Public-Facing Application",
224
231
  "version": "v19",
225
232
  "cve_refs": [
233
+ "CVE-2020-10148",
234
+ "CVE-2023-3519",
235
+ "CVE-2024-1709",
236
+ "CVE-2024-21762",
237
+ "CVE-2025-12686",
226
238
  "CVE-2025-53773",
239
+ "CVE-2025-59389",
240
+ "CVE-2025-62847",
241
+ "CVE-2025-62848",
227
242
  "CVE-2026-0300",
243
+ "CVE-2026-20182",
228
244
  "CVE-2026-32202",
229
245
  "CVE-2026-39987",
230
246
  "CVE-2026-42208",
@@ -300,7 +316,10 @@
300
316
  },
301
317
  "T1525": {
302
318
  "name": "Implant Internal Image",
303
- "version": "v19"
319
+ "version": "v19",
320
+ "cve_refs": [
321
+ "CVE-2024-40635"
322
+ ]
304
323
  },
305
324
  "T1528": {
306
325
  "name": "Steal Application Access Token",
@@ -364,7 +383,8 @@
364
383
  "name": "Compromise Host Software Binary",
365
384
  "version": "v19",
366
385
  "cve_refs": [
367
- "CVE-2024-3094"
386
+ "CVE-2024-3094",
387
+ "CVE-2025-11837"
368
388
  ]
369
389
  },
370
390
  "T1555": {
@@ -493,7 +513,8 @@
493
513
  "DS0029"
494
514
  ],
495
515
  "cve_refs": [
496
- "CVE-2024-21626"
516
+ "CVE-2024-21626",
517
+ "CVE-2024-3154"
497
518
  ]
498
519
  },
499
520
  "T1613": {
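Review bot: The new `cve_refs` values are repeated across technique entries, and nothing in these hunks ties them to `cve-catalog.json`, which the file list shows changing in the same release. `CVE-2020-10148`, `CVE-2024-1709` and `CVE-2026-20182` are added under both "Valid Accounts" and "Exploit Public-Facing Application", and `CVE-2024-21762` under both "External Remote Services" and "Exploit Public-Facing Application". A typo or a later catalog removal would leave a dangling ID that still reads as a valid technique-to-CVE link to anyone deriving detection coverage from this file. I would add a predeploy check that every `cve_refs` entry matches `^CVE-\d{4}-\d{4,}$`, is unique within its array, and resolves to a catalog entry; whether the existing lint already covers this is not visible here. The arrays are also in plain string order (`"CVE-2024-21626"` before `"CVE-2024-3154"`), so consumers should not read position as chronology.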