@blamejs/exceptd-skills 0.13.2 → 0.13.4

package/sbom.cdx.json

@@ -1,22 +1,22 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:594c61d8-9616-4df7-9bb0-cef4da00b814",
+  "serialNumber": "urn:uuid:2817019c-3f65-4bd2-9eb6-c1eb0d9baa45",
   "version": 1,
   "metadata": {
-    "timestamp": "2073-06-23T00:33:28.000Z",
+    "timestamp": "2047-04-25T16:19:40.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.13.2"
+        "version": "0.13.4"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.13.2",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.13.4",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.13.2",
+      "version": "0.13.4",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
       "licenses": [
         {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.13.2",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.13.4",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "2ec5e865222c3ce57aa170d553cfb29c3b2e72da144e971138e433e39cd42776"
+          "content": "c2bd3ae64e303b098088db047fecec1eab56cc2e3021d6c54f73dcf4c5772ab6"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.13.2"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.13.4"
         },
         {
           "type": "vcs",
@@ -86,7 +86,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "65493e20f232b92d5a22c354f5043631f4ae4565d11a291e3868d25cab617623"
+          "content": "fa1b15280e42f30c8509a37ad66e7bf875731f28bc7594ed887e11d268cc09f8"
         }
       ]
     },
@@ -108,7 +108,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "119d02d2e0db3628538359c7a0714a109faf1abc51780ce0c3be25d6ade94817"
+          "content": "0f22625bf1e0c95e9b831b34ca7f74fa011f2c9c2a011efdabe4eab783b2c918"
         }
       ]
     },
@@ -152,7 +152,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "6afee28a15421d95544faea33ad9ae8f61693edf6e8898918b78ee7d7b5e8953"
+          "content": "499743f3bd6784d495ab4ba9a18d7749e918c0b8c5ca8def9e46b334f70f4a14"
         }
       ]
     },
@@ -229,7 +229,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "2451bc7b4e6775fdb71d2255f0d0d20230951a049343fffbd7999efb7bd665d3"
+          "content": "b3540a3296e5e901004d428351d40d3ac40b154da082071da2c00222c40b7b6e"
         }
       ]
     },
@@ -251,7 +251,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "5c992a3c2974e117ee38b62f7ead36043819880baf23863979b490f19fe5826b"
+          "content": "76461dbec048c5e072435d57e3a04b780e3992dab9f316b1b52608e0a997e355"
         }
       ]
     },
@@ -262,7 +262,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "8ddc5d3f9441334d544df5bc4e34846259f981d15a87dd7bed825e7f2d8b961d"
+          "content": "68d4c20ee97ec90cb5f33f53df512788921b0920687c69fa50d8a83189fb98fa"
         }
       ]
     },
@@ -273,7 +273,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4baff0970c17224aef4606598b90d72e09da5e927ee4f46bdbf3e12b2e6247e3"
+          "content": "4a0036f9ec17af29e0df111ac77b94f8be6a52742bfd89ff3583096d23b75e35"
         }
       ]
     },
@@ -306,7 +306,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "003a400f5ae5b15527589571679ccdb9b3a62e60073627b5fbdeb2a9fe330a7a"
+          "content": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795"
         }
       ]
     },
@@ -317,7 +317,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "c4b735cac63559b4dad4cccfc97dda57434de4d9bb61a712264131ec3aae8ae6"
+          "content": "994bf3203f3a2c80fe21194d00f67ecffa77b80193ba3f4b046e9d38e7b09f0f"
         }
       ]
     },
@@ -570,7 +570,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "6e503b75e52c8baea7e3ffaa872a2f7faedc36ca1cf53c8aec07e610c4c4ce07"
+          "content": "3d4c18977f2100f200e209dc55331931a5d0adc54af35879fc58f1b43deac56f"
         }
       ]
     },
@@ -691,7 +691,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4e6667e490ed81afb0b23b0119e182b2c916c20d6f6a2c82163d8db1981c3ebe"
+          "content": "48aa70089fe9fc3bee80e19042d28d91ceb996ed018b6131db970dba7cadb90e"
         }
       ]
     },
@@ -768,7 +768,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4a40da0c0f1aff593f8318af89167bfec5842d012f2b0b502e987099873efdce"
+          "content": "fb6c41c37cb9249f7f702722158351fca7c7a9a9e8a144fde4a1c709de4e1836"
         }
       ]
     },
@@ -812,7 +812,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "678cce9841ee92128e777cc0f355e020bd69c37cbd637be91479858e6a4958fd"
+          "content": "63702da0ef17b9dd32cff349473d5e1c32aae763cd769936a07570e34cb6b824"
         }
       ]
     },
@@ -988,7 +988,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "034fb84e4508b8cb103699bdfe1ca220c8aa5d18cc8951f76cf74c5a1b30e418"
+          "content": "821b61225c10b09eebad72fc94faf1a0627ad0be223427ba477c64704bc260b8"
         }
       ]
     },
@@ -1032,7 +1032,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "58e6e1acf753cfa8f578eec3e41420f518dbd26d4ee0a7db7f6f0019e46350bb"
+          "content": "b827fb5d2a43409ba2c390b000e175c9357b86137d25d6647ff238b94922275b"
         }
       ]
     },
@@ -1417,7 +1417,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "51295c849bcced965b6448eb6b4bbd5caef5ba0b0cea7ce48abbacf47d331621"
+          "content": "51ffbbc0743daa26d6c7fe55ff6ec223dccb2087ddca981e06ab7133230e9ec5"
         }
       ]
     },
@@ -1428,7 +1428,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "dcca7d92a1ab4d1e4c46356b614a138b1c1f79b65a6a290eccf2095d8d443993"
+          "content": "d1361c53c8360999e1ec6a403bcbfaa53d0afc11689e8781d26081196dd079d4"
         }
       ]
     },
@@ -1439,7 +1439,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "3da9f549f5c62e6163cddd70c8edccbef7be622d5a45fa89c90c6550e68c6b2e"
+          "content": "490511ad517a0c3ad64f6a951c36cffb3109fed2c5da6376b5efc50e799e02a9"
         }
       ]
     },
@@ -1450,7 +1450,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "2b611eb8fa4841fdfc3f1dd1ffd504a46c6ecdc654213a955efbabefb6b1db87"
+          "content": "686f53c2aee3a44108d1fa3e5f52fc7d971edc00946cfc1f082e4658af25fddc"
         }
       ]
     },
@@ -1461,7 +1461,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "2bdfa3dbe534efa3df245e0da37998ad7ab2da4a3171d5000d3346513c10bceb"
+          "content": "8a79a28b7b1c3088672bc09017a0d2481e45fb1c0f89768e87642268b62d4808"
         }
       ]
     },
@@ -1472,7 +1472,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "0d301beb9fb8e247ec80256a7e647804b5f9a41c7156e5724555ca9f93ccb986"
+          "content": "e845c4e08adef038888a025bf920a042c851df41ca53f41aa5fc11ec02a37fbb"
         }
       ]
     },
@@ -1483,7 +1483,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "6494ee3856edeb212e65fe5cdb208357c1a832eb8ac374b26055586bfc71f629"
+          "content": "5ec3800a0049b2123aff67bfab4ff28491a86d2daeb712283e5e88b10c3d5d7b"
         }
       ]
     },
@@ -1494,7 +1494,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "c9fad9ed3663cf2faec74ad8f06d62eb86e6636f79933560d8c8d50e0e82d1da"
+          "content": "84844b369f3195eae06115b392b4ceb41d96c1b3fda254f82c37cd8165858e7f"
         }
       ]
     },
@@ -1505,7 +1505,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "a1387c523f7aa2481a199f6288e0152b94aa5a6644600eb39dbb3ea9ee9af6bd"
+          "content": "42babdc846b3e91af6be4698c7b5e876d9dd5cdb214d1aa2b4faceb6773e4ed1"
         }
       ]
     },
@@ -1516,7 +1516,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "605a8e8eb1af09835b967ec7179456015ec116c6b9051af3a8d225866cc2f7af"
+          "content": "d608fc7cc9e7c89640101078623490596b1610f7020eecde0d696e5c5084f932"
         }
       ]
     },
@@ -1527,7 +1527,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "0e875953bb8a38a89c8ec5d2a9ef967b12e9a9f166dc9356723f10304fd0535e"
+          "content": "6c85b8761e557069ae0623400a2218a81356e5426f0a4e3ddebdc2a569735c9b"
         }
       ]
     },
@@ -1538,7 +1538,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "3d0c7ca85f32ee1fe74598889361ef2be16d099fe6e9e8d8c8184b7004306b30"
+          "content": "331a0248dd8ed3b509b759c41a9a4d6d8d6dc67fb732ad31d1a4c2d9a0865054"
         }
       ]
     },
@@ -1549,7 +1549,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "1c4e1d7da2421b82f202eaf2c9e21876af34ab5c76ce1359166842ee473f02dd"
+          "content": "6aa0960d85465006cdffcce3478dc790a14fd1cc95c73e124d5809836c26a4c4"
         }
       ]
     },
@@ -1560,7 +1560,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "82af58b98bd808c0c6ec92554d89948378702465504db1113fc462a96366a601"
+          "content": "250f266908f51f99a4cb3aec0d5dacfcf91fac9f3d95e5a117429a40ed2ff45a"
         }
       ]
     },
@@ -1571,7 +1571,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "fba9e27722d361cc6ed5992d9aaeaa397598b417fc5a0d6fe0bee2993942e7e8"
+          "content": "9f50b4d52c470d5616fc1626589843a5b2602d209436ded08cc9cc9885df770c"
         }
       ]
     },
@@ -1582,7 +1582,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "3b139eaefbedd36b2379cfe22dceef71e97d0e34404b0009b7afbfe0a8dc39e6"
+          "content": "04e841fc426f92f20c254497b3b92b54d603062a0e6a617f3e9d607d6115c097"
         }
       ]
     },
@@ -1593,7 +1593,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "fb8c261def9e3344b44fd219c209027029e1eddf0e6bee1ecffb2d2176e1585e"
+          "content": "1088d1ef5a0b4b2e50b356e3ff766a3ba6c66ba3435caf394d7c9c493d45b17e"
         }
       ]
     },
@@ -1604,7 +1604,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "1dca534cce7612c1d26a7b1bfd088a811081555ecfa25b1f68cff2ca2ba28c98"
+          "content": "57ca729034e9d33c527d869c1c4aa82fe37e496878a3cbcd9e5043cb62b7105d"
         }
       ]
     },
@@ -1615,7 +1615,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4ee7096fd82997c66b0f9e825ea3c04c3aa84768b74e6f668c1a9104104138cf"
+          "content": "f3c29ce17aaa426b65b58238e5bc9ccabcda23a8d350e597840e5d6d664aa102"
         }
       ]
     },
@@ -1648,7 +1648,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "ae4a0af924d0078ffc6cd051a3ef9fce75a6a3f9c0c15d1c07900ae5faf80502"
+          "content": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d"
         }
       ]
     },
@@ -1659,7 +1659,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "6821f6d38f6e23bbed953f8f86a279597b0b95a2d0548b5383e851bca7442531"
+          "content": "19a6b54375808e59143070011328d8c936836845bca4a484108738bbef290694"
         }
       ]
     },
@@ -1670,7 +1670,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "72429f05010accbcb191cb1544f1b88493c2f5249362846e5713ec3226b83dc2"
+          "content": "44fc3a4a6118e764a4bef840358c98d01b87f6e47bac9dd88e2df7633573414a"
         }
       ]
     },
@@ -1681,7 +1681,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "7423cca19aab1026c07de63279137441018345731d3ee895c474316d432adaa2"
+          "content": "33d3d82c87ed8708839f5211bb7b59a924c2e3d9c5d915dc2cc101c53176145e"
         }
       ]
     },
@@ -1692,7 +1692,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "a7d886f7fa99a150b040f158b09045ba45e107439315389aea785311b0013395"
+          "content": "1e758322d74386f5c48d5bf5d7a4b4adfcef29553aca6d7c610845953beb8228"
         }
       ]
     },
@@ -1703,7 +1703,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "a7131b65d0ceee47887b16679ee4e4b065d32d8751fe59921762388703662913"
+          "content": "07b38278b60d2437603a541c1ee954999abfe3a192f94b43cd384023738a0c1f"
         }
       ]
     },
@@ -1714,7 +1714,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "ff07e48918090247aef71def4150b0df372a24bcdaa34eb6e11d246b9e71e1ee"
+          "content": "4a64b4bc317141a219bcba40593f1994f791103381fd91c17ce23d06b0f6bc4e"
         }
       ]
     },
@@ -1736,7 +1736,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "fd441131484dc5af4cd785ded0bac039123e6205483543752cb16fa508460c00"
+          "content": "959aeba706eea43a69136561968d7942dcd981d0a6c3da7db47673c51943b6df"
         }
       ]
     },
@@ -1747,7 +1747,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "91f00e7a9be2608393ec8cb6d5f0c9828f81b954a12a7c9fd04bd642b9091e09"
+          "content": "efc7681d62b23aaad277e9018687362717bb1fcfb29d7ada844dfb7196870c78"
         }
       ]
     },
@@ -1758,7 +1758,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "a73c3f36f23c12750d369931b7e3f884edae4a8aef35fc8690d15ef4500c4dd0"
+          "content": "91e3eecdc18d108c669d49db1221ac89041a43c8294c8be65d4397cd149d75d0"
         }
       ]
     },
@@ -1769,7 +1769,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "023b5440d614e6b83ba7294219bcac3cdbffd28fdfdd5f0ec23abbeea71b8230"
+          "content": "4c4c6fb95c6c2fd6cad3fec8ab8e08076fd4ddfa89ad5f00de017e546e01044d"
         }
       ]
     },
@@ -1780,7 +1780,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "a18e11d25524cdbf40df3798f4c2aa3cb51a4db1b088242ea53fa2885e86b64c"
+          "content": "9f3164def71c1f6f78b074ffc452bd02d8b71b313f2feb1554289bd5a099b4e9"
         }
       ]
     },
@@ -1802,7 +1802,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "ed962937c45f3d95f325f231b787d272fe45c4cb91d4c5a2d982493d722c2acf"
+          "content": "c1e699e4d48a7f89c32fbc9f2fe64c721a61603624eb93afae7148348cc4637d"
         }
       ]
     },
@@ -1813,7 +1813,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "b6f3bee321833dc18f5624a9be4d28673d22e22018254b0bd1f3690b945073af"
+          "content": "eb67e2466230e143784b6e741c6ce7ea3e0c0e4385e5ab21b81b8de04f0168e2"
         }
       ]
     },
@@ -1824,7 +1824,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "ad69b72f5c5df095f8618b977fbc8f0fbff396eebd4a8448b44c3f93309f63f9"
+          "content": "aea9c61c09e1ec714e129a6000d7b91ddbc74db52a64aa8bc95d3c698bf4ece6"
         }
       ]
     },
@@ -1835,7 +1835,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "cf1cc27ae5ae68d336c56d9f3afd950641e1d8d5b9f90b64c2daf00abe92bab0"
+          "content": "38dc4369132fd199d10cebf3287ed8e35ffb0cf3eefbb98ec17d57027a5df7f1"
         }
       ]
     },
@@ -1846,7 +1846,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "cebeba3940320ebc5b44ad2bb7b4cdcda412257c1a6319a1b7379c875ebe8d6a"
+          "content": "ba175224737571f9c6148e4cbe47b9ebaa762592cc659b7fb2cf0e9a6b3679c0"
         }
       ]
     },
@@ -1857,7 +1857,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "f2063eaea3f5ddf0f3d37b41985bf522b682a41f104796b3f0dff611cefd043c"
+          "content": "135ca1cd01476b4df9ba7fbba2f194d0cac521480b51d479d60045d9abfc0350"
         }
       ]
     },
@@ -1868,7 +1868,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "e26f194880cd6acf46abe31e9348d445e9222c7691e9b9b953662c4a472462f5"
+          "content": "adcb681f90ab3c58a98c7935fd8bad102d7ed16b6db6235661483ec1be6cf410"
         }
       ]
     },

package/skills/age-gates-child-safety/skill.md

@@ -287,6 +287,8 @@ Produce a single per-control mapping across all in-scope jurisdictions; disparat
 
 ## Output Format
 
+The skill produces an Age Gates and Child-Safeguarding Posture Assessment covering US COPPA / CIPA, California AADC, UK Children's Code (ICO), Ireland Fundamentals for a Child-Oriented Approach, EU DSA Art. 28 (online platforms), KOSA (US, where enacted), GDPR Art. 8, AU Online Safety Act + eSafety Basic Online Safety Expectations, and emerging KSA / SG / IN child-protection guidance. The shape below is consumed downstream by `dlp-gap-analysis` (for child-data flow detection), by `incident-response-playbook` (for child-data breach notification clocks), and by `global-grc` (for cross-jurisdictional rollup). Preserve the per-jurisdiction obligation rows verbatim — they are the auditable evidence for regulator inquiries.
+
 Produce this structure verbatim:
 
 ```

package/skills/ai-attack-surface/skill.md

@@ -270,6 +270,8 @@ For each identified risk, declare the framework gap:
 
 ## Output Format
 
+The assessment produces a structured AI Attack Surface Assessment report. The shape below is consumed downstream by `mcp-agent-trust` (which converts the MCP Trust Assessment section into per-server policy), by `rag-pipeline-security` (which picks up any RAG-pipeline entries from the Surface Inventory), and by `incident-response-playbook` (which scopes IR against the prompt-injection and AI-C2 exposure bands). CSAF-style auditor evidence bundles consume the Framework Gaps and ATLAS TTP Coverage Gaps sections verbatim — preserve the framework-control IDs as cited.
+
 ```
 ## AI Attack Surface Assessment
 

package/skills/ai-c2-detection/skill.md

@@ -443,6 +443,8 @@ D3FEND v1.0+ references from `data/d3fend-catalog.json`. Maps the SesameOp / PRO
 
 ## Output Format
 
+The skill produces a structured AI C2 Detection Assessment covering per-host AI-API egress baselines, behavioral anomaly indicators, and SesameOp-class C2-pattern findings. The shape below is consumed downstream by `incident-response-playbook` (which scopes IR against confirmed C2 indicators), by `ai-attack-surface` (which integrates the detection-gap section into the broader AI surface report), and by `compliance-theater` (which compares the AI-API monitoring coverage against any SI-4 / CC7 anomaly-detection compliance claim). Preserve the per-host egress-baseline shape verbatim — it is the load-bearing detection artifact.
+
 ```
 ## AI C2 Detection Assessment
 

package/skills/ai-risk-management/skill.md

@@ -221,6 +221,8 @@ Re-run cadence: per Hard Rule AGENTS.md #12, when ATLAS, EU AI Act implementing
 
 ## Output Format
 
+The skill produces a structured AI Risk Management Programme assessment scoring the org against ISO/IEC 42001:2023, ISO/IEC 23894:2023, NIST AI RMF 1.0, EU AI Act (Regulation 2024/1689) high-risk-system obligations, and the jurisdiction-specific AI frameworks tracked in `data/global-frameworks.json`. The shape below is consumed downstream by `compliance-theater` (which compares the AI-RM policy against deployed controls), by `ai-attack-surface` (which inherits the AI-system inventory), and by `global-grc` (for cross-jurisdictional AI rollup). Preserve the per-standard control-coverage rows verbatim — they are the auditable derivation of the programme score.
+
 ```
 ## AI Risk Management Programme — <organisation / scope>
 **Assessment Date:** YYYY-MM-DD

package/skills/api-security/skill.md

@@ -17,7 +17,13 @@ triggers:
   - ai api security
   - mcp transport
   - openapi security
-data_deps: []
+data_deps:
+  - atlas-ttps.json
+  - attack-techniques.json
+  - cwe-catalog.json
+  - d3fend-catalog.json
+  - framework-control-gaps.json
+  - rfc-references.json
 atlas_refs:
   - AML.T0096
   - AML.T0017
@@ -61,7 +67,7 @@ forward_watch:
   - NGINX Rift CVE-2026-42945 (disclosed 2026-05-13, source depthfirst) — KEV-watch predicted CISA KEV listing by 2026-05-29; track for active-exploitation confirmation and patch advisory affecting API gateway / reverse-proxy deployments
   - Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — LiteLLM 3-bug SSRF + Code Injection chain by k3vg3n; LLM-proxy API surface; track upstream patch and CVE assignments
   - Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — LiteLLM full SSRF + Code Injection by Out Of Bounds (Byung Young Yi); duplicate-class with the k3vg3n entry; track unified patch advisory
-last_threat_review: "2026-05-17"
+last_threat_review: "2026-05-18"
 ---
 
 # API Security Assessment
@@ -130,7 +136,7 @@ APIs are now the integration substrate of every non-trivial system. The mid-2026
 | AML.T0096 | AI Service Exploitation (AI-API as covert C2) | LLM API used as a covert command-and-control / exfil channel — prompt content carries instructions; response carries staged data | CWE-77, CWE-200 | Missing in NIST/ISO; hand-off to `ai-c2-detection` |
 | AML.T0017 | Discover ML Model Ontology (inference-API probing for system-prompt, guardrail, model-family signal) | High-volume queries against a hosted model used to reconstruct behaviour, guardrail surface, or training-data signal | CWE-200 | Missing — detected only by per-identity rate-and-shape monitoring at egress |
 
-CWE root-causes referenced as a set (per `cwe_refs` in frontmatter): CWE-287 (Improper Authentication), CWE-862 (Missing Authorization — BFLA root cause), CWE-863 (Incorrect Authorization — BOLA root cause), CWE-918 (SSRF — API7), CWE-200 (Information Exposure — BOPLA contributor), CWE-352 (CSRF — cookie-auth APIs + WebSocket CSWSH), CWE-22 (Path Traversal — API parameter sinks), CWE-77 (Command Injection — API parameter to shell), CWE-1188 (Insecure Default Initialization — default-open API state).
+CWE root-causes referenced as a set (per `cwe_refs` in frontmatter, all resolved against `data/cwe-catalog.json`): CWE-287 (Improper Authentication), CWE-862 (Missing Authorization — BFLA root cause), CWE-863 (Incorrect Authorization — BOLA root cause), CWE-918 (SSRF — API7), CWE-200 (Information Exposure — BOPLA contributor), CWE-352 (CSRF — cookie-auth APIs + WebSocket CSWSH), CWE-22 (Path Traversal — API parameter sinks), CWE-77 (Command Injection — API parameter to shell), CWE-1188 (Insecure Default Initialization — default-open API state). ATT&CK Enterprise techniques (T1190, T1078, T1567) resolve against `data/attack-techniques.json`; the AML.T0096 (AI service exploitation) and AML.T0017 (model-ontology discovery) entries resolve against `data/atlas-ttps.json`. Cross-reference every BOLA / BFLA finding against the `CWE-863` / `CWE-862` entries in `data/cwe-catalog.json` for the canonical weakness description used in operator briefings.
 
 ---
 
@@ -158,6 +164,8 @@ CWE root-causes referenced as a set (per `cwe_refs` in frontmatter): CWE-287 (Im
 
 The procedure threads three foundational design principles. They are not optional.
 
+Wire-level RFC mappings cited below resolve against `data/rfc-references.json` (RFC-7519 JWT, RFC-8725 JWT BCP, RFC-6749 OAuth 2.0, RFC-9700 OAuth Security BCP, RFC-9421 HTTP Message Signatures, RFC-8446 TLS 1.3, RFC-9114 HTTP/3); framework-gap IDs cited throughout (OWASP-ASVS-v5.0-V14, NIST-800-53-AC-2, NIST-800-218-SSDF, ISO-27001-2022-A.8.28, NIS2-Art21-incident-handling, UK-CAF-B2, AU-Essential-8-App-Hardening) resolve against `data/framework-control-gaps.json`.
+
 **Defense in depth** — the API request lifecycle is layered. No single control is trusted to fail closed.
 
 1. **API gateway (perimeter)** — terminates TLS (RFC 8446 baseline; HTTP/3 over QUIC per RFC 9114 for public global APIs), enforces auth, enforces rate limits per route + per identity + per cost-unit, applies threat-detection rules, captures the canonical log record. Gateways with bypass paths (a "direct backend" route that skips the gateway) are gateway-in-name-only.
@@ -198,12 +206,14 @@ The procedure threads three foundational design principles. They are not optiona
 7. **GraphQL query-complexity limits.** Depth limit, breadth (alias) limit, complexity-cost calculator with budget per query, persisted-query allowlist for production clients. **Introspection disabled in production.**
 8. **gRPC reflection disabled in production.** mTLS for service-to-service; per-method authorisation (BFLA in gRPC terms is per-method); deadline propagation enforced; max-message-size bounded.
 9. **WebSocket origin validation at upgrade + CSRF / sender-constrained token thereafter.** Per-message authorisation if the channel multiplexes operations across resources; rate-limit per connection AND per identity (one identity cannot fan out across many connections to bypass).
-10. **MCP transport audit (hand-off to `mcp-agent-trust`) and AI-API egress map (hand-off to `ai-c2-detection`).** Document every MCP server and every AI-API destination. Per-destination quota with explicit USD cap; per-identity rate-and-shape baseline; D3-NTA egress monitoring fed to SIEM. AI-API keys treated as the most sensitive credential class — rotation cadence ≤ 30 days, automated key-leak scanning on commits.
+10. **MCP transport audit (hand-off to `mcp-agent-trust`) and AI-API egress map (hand-off to `ai-c2-detection`).** Document every MCP server and every AI-API destination. Per-destination quota with explicit USD cap; per-identity rate-and-shape baseline; D3-NTA egress monitoring fed to SIEM. AI-API keys treated as the most sensitive credential class — rotation cadence ≤ 30 days, automated key-leak scanning on commits. The egress map cross-references the AML.T0096 / AML.T0017 catalog entries in `data/atlas-ttps.json` so that egress-baseline rules can be authored against the canonical TTP IDs rather than ad-hoc local names.
 
 ---
 
 ## Output Format
 
+The skill produces an API Security Assessment covering REST / GraphQL / gRPC / WebSocket / MCP per-surface coverage, OWASP API Top 10 2023 + OWASP API Sec for LLM Top 10 mapping, per-endpoint authentication / authorization / rate-limit / schema-validation evidence, and the prioritized remediation roadmap. The shape below is consumed downstream by `webapp-security` (for browser-facing APIs), by `mcp-agent-trust` (for MCP surfaces), and by `compliance-theater` (which compares the deployed API controls against PCI 4.0 6.2 / OWASP ASVS L2-L3 claims). Preserve the per-endpoint control-evidence rows verbatim — they are the auditable derivation of the API-surface risk score.
+
 ```
 ## API Security Assessment
 
@@ -281,6 +291,8 @@ Each D3FEND technique below maps an offensive API-security finding to a defensiv
 | D3-MFA | Multi-Factor Authentication (auth hardening at the API gateway) | Identity layer — phishing-resistant FIDO2 / WebAuthn passkeys for human-fronted APIs; service identities for machine-to-machine | Per-principal MFA enrolment; passkey-only for privileged routes | Every interactive authentication challenge is AiTM-resistant; TOTP / SMS insufficient for privileged API surfaces | Applies — AI-assisted phishing kits compress time-to-weaponise; passkey-mandatory for any human accessing AI-API management consoles (key rotation, budget setting) |
 | D3-CBAN | Certificate-Based Authentication | Service-to-service and high-value gateway boundaries — mTLS per RFC 8446 with appropriate cipher choice | Per-service workload identity (SPIFFE/SPIRE-class); no shared service certificate | Workload identity verified at every hop; certificate revocation honoured (OCSP stapling / short-lived certificates per ACME) | Applies to MCP transport — mTLS at the gateway-to-MCP-server boundary; AI-API consumption via signed-and-attested workload identity where the AI provider supports it |
 
+D3FEND technique IDs above resolve against `data/d3fend-catalog.json`; framework-gap rationales for each layer cross-walk to the matching entries in `data/framework-control-gaps.json` (notably `OWASP-ASVS-v5.0-V14`, `NIST-800-53-AC-2`, `NIST-800-218-SSDF`, `ISO-27001-2022-A.8.28`, `NIS2-Art21-incident-handling`, `UK-CAF-B2`, and `AU-Essential-8-App-Hardening`) so the defensive layer chosen for any finding can be cross-cited to both the offensive ATT&CK / ATLAS technique (`data/attack-techniques.json`, `data/atlas-ttps.json`) and the missing framework control in one operator pass.
+
 ---
 
 ## Hand-Off / Related Skills

package/skills/attack-surface-pentest/skill.md

@@ -280,6 +280,8 @@ Sequence remediation by RWEP descending, with live-patchable items inside RWEP t
 
 ## Output Format
 
+The skill produces a Penetration Test Report covering scoped attack surface, engagement window, per-finding RWEP-prioritized severity, exploit-chain narrative, and prioritized remediation. The shape below is consumed downstream by `incident-response-playbook` (which scopes IR for any findings that crossed into production data), by `exploit-scoring` (which validates the per-finding RWEP score), and by `compliance-theater` (which compares the findings against the org's claimed control coverage). Preserve the per-finding evidence chain verbatim — it is the load-bearing field for client legal-review and any subsequent disclosure obligation.
+
 ```
 ## Penetration Test Report — [Engagement Name]
 

package/skills/cloud-iam-incident/skill.md

@@ -88,7 +88,7 @@ Cloud-IAM compromise has been the dominant cloud-breach root cause across all th
 
 2. **2024-2025 AWS-key-in-public-repo crypto-mining campaigns.** Scraper bots monitoring the GitHub firehose monetise within ~5 minutes of public exposure. Typical spend pattern: 50-500 USD/hour of GPU instances in an unused region (where the victim has no resources to alert on regional anomalies). Common compromise window: 30 minutes to 4 hours before the victim notices. Even after revocation, the attacker often establishes long-lived persistence by creating their own IAM user with AdministratorAccess inside the compromised account before the original key is revoked.
 
-3. **2026 Azure managed-identity token replay (CVE-2026-21370-adjacent class).** Attackers with limited code-execution on an Azure VM (often via SSRF in a hosted web application) steal the managed-identity token from the IMDS endpoint at 169.254.169.254. The token is valid for its TTL (default 24h on most managed-identity scopes) and can be replayed from the attacker's infrastructure. Azure Continuous Access Evaluation is the long-term mitigation; rollout is incomplete in most large estates.
+3. **2026 Azure managed-identity token replay (design-class issue, not a single CVE).** Attackers with limited code-execution on an Azure VM (often via SSRF in a hosted web application) steal the managed-identity token from the IMDS endpoint at 169.254.169.254. The token is valid for its TTL (default 24h on most managed-identity scopes) and can be replayed from the attacker's infrastructure. Azure Continuous Access Evaluation is the long-term mitigation; rollout is incomplete in most large estates.
 
 4. **Scattered Spider AWS-MFA-bypass via help-desk social engineering.** Continuous 2023-2026 pattern. Voice-cloned or socially-engineered help-desk agent resets MFA on a privileged user, attacker logs in, escalates via either (a) creating their own IAM user with AdministratorAccess for persistence, (b) directly assuming a privileged role into a production account, or (c) modifying the federated IdP trust policy to grant ongoing access. Help-desk OOB-callback policy + voice-channel deepfake-resistant verification is the operational mitigation; coverage is fragmentary.
 

package/skills/cloud-security/skill.md

@@ -258,6 +258,8 @@ For each jurisdiction the operator is exposed to (US / EU / UK / AU / JP / SG /
 
 ## Output Format
 
+The skill produces a Cloud Security Posture Assessment covering per-cloud (AWS / Azure / GCP / OCI / Alibaba) CIS Benchmark coverage, CSA CCM v4 control mapping, IAM least-privilege posture, IMDS / SSRF / metadata-service hardening, KMS / HSM key-management, and the prioritized remediation roadmap. The shape below is consumed downstream by `cloud-iam-incident` (which scopes IR with the IAM-finding list), by `container-runtime-security` (for workload-tier issues), and by `compliance-theater` (which compares the per-cloud control coverage against FedRAMP / IRAP / C5 / ENS / ISMAP claims). Preserve the per-control CIS Benchmark rows verbatim — they are the auditable evidence chain.
+
 Produce this structure verbatim:
 
 ```