npm - @blamejs/exceptd-skills - Versions diffs - 0.13.3 → 0.13.4 - Mend

@blamejs/exceptd-skills 0.13.3 → 0.13.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/AGENTS.md +41 -4
package/CHANGELOG.md +34 -0
package/README.md +79 -13
package/data/_indexes/_meta.json +44 -44
package/data/_indexes/activity-feed.json +3 -3
package/data/_indexes/catalog-summaries.json +3 -3
package/data/_indexes/chains.json +0 -32
package/data/_indexes/handoff-dag.json +127 -57
package/data/_indexes/section-offsets.json +465 -411
package/data/_indexes/summary-cards.json +34 -34
package/data/_indexes/token-budget.json +298 -268
package/data/cve-catalog.json +4 -146
package/data/exploit-availability.json +0 -27
package/data/framework-control-gaps.json +2 -2
package/data/zeroday-lessons.json +0 -89
package/lib/schemas/playbook.schema.json +5 -0
package/manifest.json +80 -80
package/package.json +1 -1
package/sbom.cdx.json +53 -53
package/skills/age-gates-child-safety/skill.md +2 -0
package/skills/ai-attack-surface/skill.md +2 -0
package/skills/ai-c2-detection/skill.md +2 -0
package/skills/ai-risk-management/skill.md +2 -0
package/skills/api-security/skill.md +2 -0
package/skills/attack-surface-pentest/skill.md +2 -0
package/skills/cloud-security/skill.md +2 -0
package/skills/compliance-theater/skill.md +28 -2
package/skills/container-runtime-security/skill.md +2 -0
package/skills/coordinated-vuln-disclosure/skill.md +1 -1
package/skills/defensive-countermeasure-mapping/skill.md +2 -0
package/skills/dlp-gap-analysis/skill.md +2 -0
package/skills/exploit-scoring/skill.md +30 -1
package/skills/framework-gap-analysis/skill.md +28 -1
package/skills/fuzz-testing-strategy/skill.md +4 -2
package/skills/global-grc/skill.md +2 -0
package/skills/identity-assurance/skill.md +2 -0
package/skills/kernel-lpe-triage/skill.md +2 -0
package/skills/mcp-agent-trust/skill.md +4 -0
package/skills/mlops-security/skill.md +2 -0
package/skills/ot-ics-security/skill.md +2 -0
package/skills/policy-exception-gen/skill.md +28 -1
package/skills/pqc-first/skill.md +2 -0
package/skills/rag-pipeline-security/skill.md +2 -0
package/skills/researcher/skill.md +2 -0
package/skills/sector-energy/skill.md +2 -0
package/skills/sector-federal-government/skill.md +2 -0
package/skills/sector-financial/skill.md +2 -0
package/skills/sector-healthcare/skill.md +2 -0
package/skills/security-maturity-tiers/skill.md +2 -0
package/skills/skill-update-loop/skill.md +2 -0
package/skills/supply-chain-integrity/skill.md +2 -0
package/skills/threat-model-currency/skill.md +37 -1
package/skills/threat-modeling-methodology/skill.md +2 -0
package/skills/webapp-security/skill.md +2 -0
package/skills/zeroday-gap-learn/skill.md +33 -1

package/data/_indexes/handoff-dag.json CHANGED Viewed

@@ -49,20 +49,42 @@
       "compliance-theater",
       "defensive-countermeasure-mapping",
       "exploit-scoring",
+      "incident-response-playbook",
       "policy-exception-gen"
     ],
-    "ai-attack-surface": [],
+    "ai-attack-surface": [
+      "incident-response-playbook",
+      "mcp-agent-trust",
+      "rag-pipeline-security"
+    ],
     "mcp-agent-trust": [
+      "ai-attack-surface",
       "attack-surface-pentest",
+      "compliance-theater",
       "defensive-countermeasure-mapping",
       "dlp-gap-analysis",
       "framework-gap-analysis",
       "supply-chain-integrity"
     ],
     "framework-gap-analysis": [],
-    "compliance-theater": [],
+    "compliance-theater": [
+      "ai-attack-surface",
+      "ai-c2-detection",
+      "email-security-anti-phishing",
+      "framework-gap-analysis",
+      "global-grc",
+      "identity-assurance",
+      "incident-response-playbook",
+      "kernel-lpe-triage",
+      "mcp-agent-trust",
+      "mlops-security",
+      "policy-exception-gen",
+      "supply-chain-integrity"
+    ],
     "exploit-scoring": [
       "ai-attack-surface",
+      "compliance-theater",
+      "incident-response-playbook",
       "kernel-lpe-triage",
       "mcp-agent-trust"
     ],
@@ -71,25 +93,42 @@
       "attack-surface-pentest",
       "defensive-countermeasure-mapping",
       "dlp-gap-analysis",
+      "mlops-security",
       "supply-chain-integrity"
     ],
     "ai-c2-detection": [
+      "ai-attack-surface",
       "attack-surface-pentest",
       "compliance-theater",
       "defensive-countermeasure-mapping",
       "dlp-gap-analysis",
+      "incident-response-playbook",
       "mcp-agent-trust"
     ],
     "policy-exception-gen": [],
-    "threat-model-currency": [],
-    "global-grc": [],
+    "threat-model-currency": [
+      "ai-attack-surface",
+      "framework-gap-analysis",
+      "global-grc",
+      "kernel-lpe-triage",
+      "policy-exception-gen"
+    ],
+    "global-grc": [
+      "framework-gap-analysis",
+      "policy-exception-gen"
+    ],
     "zeroday-gap-learn": [
       "ai-attack-surface",
       "ai-c2-detection",
+      "defensive-countermeasure-mapping",
+      "framework-gap-analysis",
       "kernel-lpe-triage",
       "mcp-agent-trust"
     ],
-    "pqc-first": [],
+    "pqc-first": [
+      "compliance-theater",
+      "framework-gap-analysis"
+    ],
     "skill-update-loop": [
       "ai-c2-detection",
       "ai-risk-management",
@@ -113,7 +152,11 @@
       "threat-modeling-methodology",
       "webapp-security"
     ],
-    "security-maturity-tiers": [],
+    "security-maturity-tiers": [
+      "compliance-theater",
+      "global-grc",
+      "policy-exception-gen"
+    ],
     "researcher": [
       "age-gates-child-safety",
       "ai-attack-surface",
@@ -154,14 +197,25 @@
       "zeroday-gap-learn"
     ],
     "attack-surface-pentest": [
+      "compliance-theater",
+      "exploit-scoring",
+      "incident-response-playbook",
       "kernel-lpe-triage"
     ],
-    "fuzz-testing-strategy": [],
+    "fuzz-testing-strategy": [
+      "compliance-theater",
+      "zeroday-gap-learn"
+    ],
     "dlp-gap-analysis": [
-      "ai-c2-detection"
+      "ai-attack-surface",
+      "ai-c2-detection",
+      "compliance-theater",
+      "email-security-anti-phishing"
     ],
     "supply-chain-integrity": [
+      "compliance-theater",
       "mcp-agent-trust",
+      "mlops-security",
       "pqc-first"
     ],
     "defensive-countermeasure-mapping": [
@@ -176,6 +230,8 @@
       "compliance-theater",
       "defensive-countermeasure-mapping",
       "dlp-gap-analysis",
+      "email-security-anti-phishing",
+      "idp-incident-response",
       "mcp-agent-trust",
       "pqc-first",
       "supply-chain-integrity"
@@ -189,9 +245,11 @@
       "framework-gap-analysis",
       "global-grc",
       "identity-assurance",
+      "incident-response-playbook",
       "kernel-lpe-triage",
       "mcp-agent-trust",
       "policy-exception-gen",
+      "sector-energy",
       "supply-chain-integrity"
     ],
     "coordinated-vuln-disclosure": [
@@ -213,6 +271,7 @@
       "defensive-countermeasure-mapping",
       "framework-gap-analysis",
       "mcp-agent-trust",
+      "policy-exception-gen",
       "rag-pipeline-security",
       "researcher",
       "threat-model-currency",
@@ -221,7 +280,9 @@
     "webapp-security": [
       "ai-attack-surface",
       "ai-c2-detection",
+      "api-security",
       "attack-surface-pentest",
+      "compliance-theater",
       "defensive-countermeasure-mapping",
       "fuzz-testing-strategy",
       "identity-assurance",
@@ -252,6 +313,7 @@
       "framework-gap-analysis",
       "global-grc",
       "identity-assurance",
+      "incident-response-playbook",
       "mcp-agent-trust",
       "ot-ics-security",
       "policy-exception-gen",
@@ -263,10 +325,12 @@
       "compliance-theater",
       "coordinated-vuln-disclosure",
       "dlp-gap-analysis",
+      "email-security-anti-phishing",
       "exploit-scoring",
       "framework-gap-analysis",
       "global-grc",
       "identity-assurance",
+      "incident-response-playbook",
       "mcp-agent-trust",
       "policy-exception-gen",
       "supply-chain-integrity"
@@ -279,6 +343,7 @@
       "framework-gap-analysis",
       "global-grc",
       "identity-assurance",
+      "incident-response-playbook",
       "pqc-first",
       "supply-chain-integrity"
     ],
@@ -291,6 +356,7 @@
       "framework-gap-analysis",
       "global-grc",
       "identity-assurance",
+      "incident-response-playbook",
       "kernel-lpe-triage",
       "mcp-agent-trust",
       "ot-ics-security",
@@ -301,6 +367,7 @@
     "sector-telecom": [],
     "api-security": [
       "ai-c2-detection",
+      "compliance-theater",
       "defensive-countermeasure-mapping",
       "dlp-gap-analysis",
       "identity-assurance",
@@ -311,7 +378,9 @@
       "ai-attack-surface",
       "ai-c2-detection",
       "api-security",
+      "cloud-iam-incident",
       "compliance-theater",
+      "container-runtime-security",
       "defensive-countermeasure-mapping",
       "dlp-gap-analysis",
       "exploit-scoring",
@@ -348,6 +417,7 @@
       "ai-attack-surface",
       "ai-risk-management",
       "cloud-security",
+      "compliance-theater",
       "container-runtime-security",
       "coordinated-vuln-disclosure",
       "mcp-agent-trust",
@@ -442,90 +512,90 @@
   },
   "in_degree": {
     "age-gates-child-safety": 1,
-    "ai-attack-surface": 21,
-    "ai-c2-detection": 11,
+    "ai-attack-surface": 26,
+    "ai-c2-detection": 12,
     "ai-risk-management": 5,
-    "api-security": 3,
+    "api-security": 4,
     "attack-surface-pentest": 13,
-    "cloud-iam-incident": 0,
+    "cloud-iam-incident": 1,
     "cloud-security": 5,
-    "compliance-theater": 19,
-    "container-runtime-security": 3,
+    "compliance-theater": 30,
+    "container-runtime-security": 4,
     "coordinated-vuln-disclosure": 12,
-    "defensive-countermeasure-mapping": 17,
+    "defensive-countermeasure-mapping": 18,
     "dlp-gap-analysis": 15,
-    "email-security-anti-phishing": 2,
-    "exploit-scoring": 10,
-    "framework-gap-analysis": 18,
+    "email-security-anti-phishing": 6,
+    "exploit-scoring": 11,
+    "framework-gap-analysis": 23,
     "fuzz-testing-strategy": 3,
-    "global-grc": 12,
-    "identity-assurance": 17,
-    "idp-incident-response": 0,
-    "incident-response-playbook": 7,
-    "kernel-lpe-triage": 10,
-    "mcp-agent-trust": 20,
-    "mlops-security": 3,
+    "global-grc": 15,
+    "identity-assurance": 18,
+    "idp-incident-response": 1,
+    "incident-response-playbook": 18,
+    "kernel-lpe-triage": 12,
+    "mcp-agent-trust": 22,
+    "mlops-security": 6,
     "ot-ics-security": 4,
-    "policy-exception-gen": 11,
+    "policy-exception-gen": 16,
     "pqc-first": 6,
-    "rag-pipeline-security": 8,
+    "rag-pipeline-security": 9,
     "ransomware-response": 0,
     "researcher": 1,
-    "sector-energy": 3,
+    "sector-energy": 4,
     "sector-federal-government": 6,
     "sector-financial": 8,
     "sector-healthcare": 6,
     "sector-telecom": 1,
     "security-maturity-tiers": 1,
     "skill-update-loop": 3,
-    "supply-chain-integrity": 16,
+    "supply-chain-integrity": 17,
     "threat-model-currency": 6,
     "threat-modeling-methodology": 4,
     "webapp-security": 3,
-    "zeroday-gap-learn": 7
+    "zeroday-gap-learn": 8
   },
   "out_degree": {
     "age-gates-child-safety": 10,
-    "ai-attack-surface": 0,
-    "ai-c2-detection": 5,
+    "ai-attack-surface": 3,
+    "ai-c2-detection": 7,
     "ai-risk-management": 13,
-    "api-security": 6,
-    "attack-surface-pentest": 1,
+    "api-security": 7,
+    "attack-surface-pentest": 4,
     "cloud-iam-incident": 14,
-    "cloud-security": 15,
-    "compliance-theater": 0,
+    "cloud-security": 17,
+    "compliance-theater": 12,
     "container-runtime-security": 18,
     "coordinated-vuln-disclosure": 12,
     "defensive-countermeasure-mapping": 6,
-    "dlp-gap-analysis": 1,
+    "dlp-gap-analysis": 4,
     "email-security-anti-phishing": 6,
-    "exploit-scoring": 3,
+    "exploit-scoring": 5,
     "framework-gap-analysis": 0,
-    "fuzz-testing-strategy": 0,
-    "global-grc": 0,
-    "identity-assurance": 6,
+    "fuzz-testing-strategy": 2,
+    "global-grc": 2,
+    "identity-assurance": 8,
     "idp-incident-response": 12,
     "incident-response-playbook": 20,
-    "kernel-lpe-triage": 5,
-    "mcp-agent-trust": 5,
-    "mlops-security": 9,
-    "ot-ics-security": 12,
+    "kernel-lpe-triage": 6,
+    "mcp-agent-trust": 7,
+    "mlops-security": 10,
+    "ot-ics-security": 14,
     "policy-exception-gen": 0,
-    "pqc-first": 0,
-    "rag-pipeline-security": 5,
+    "pqc-first": 2,
+    "rag-pipeline-security": 6,
     "ransomware-response": 10,
     "researcher": 37,
-    "sector-energy": 14,
-    "sector-federal-government": 9,
-    "sector-financial": 12,
-    "sector-healthcare": 12,
+    "sector-energy": 15,
+    "sector-federal-government": 10,
+    "sector-financial": 14,
+    "sector-healthcare": 13,
     "sector-telecom": 0,
-    "security-maturity-tiers": 0,
+    "security-maturity-tiers": 3,
     "skill-update-loop": 21,
-    "supply-chain-integrity": 2,
-    "threat-model-currency": 0,
-    "threat-modeling-methodology": 8,
-    "webapp-security": 8,
-    "zeroday-gap-learn": 4
+    "supply-chain-integrity": 4,
+    "threat-model-currency": 5,
+    "threat-modeling-methodology": 9,
+    "webapp-security": 10,
+    "zeroday-gap-learn": 6
   }
 }