@blamejs/exceptd-skills 0.13.3 → 0.13.5

Files changed (71)
  1. package/AGENTS.md +41 -4
  2. package/CHANGELOG.md +64 -0
  3. package/README.md +79 -13
  4. package/bin/exceptd.js +117 -9
  5. package/data/_indexes/_meta.json +44 -44
  6. package/data/_indexes/activity-feed.json +3 -3
  7. package/data/_indexes/catalog-summaries.json +3 -3
  8. package/data/_indexes/chains.json +0 -32
  9. package/data/_indexes/handoff-dag.json +127 -57
  10. package/data/_indexes/section-offsets.json +465 -411
  11. package/data/_indexes/summary-cards.json +34 -34
  12. package/data/_indexes/token-budget.json +298 -268
  13. package/data/cve-catalog.json +4 -146
  14. package/data/exploit-availability.json +0 -27
  15. package/data/framework-control-gaps.json +2 -2
  16. package/data/playbooks/ai-discovered-cve-triage.json +1146 -0
  17. package/data/playbooks/cicd-pipeline-compromise.json +3 -0
  18. package/data/playbooks/cred-stores.json +1 -0
  19. package/data/playbooks/crypto.json +3 -0
  20. package/data/playbooks/framework.json +3 -0
  21. package/data/playbooks/idp-incident.json +2 -1
  22. package/data/playbooks/kernel.json +1 -0
  23. package/data/playbooks/mcp.json +27 -2
  24. package/data/playbooks/post-quantum-migration.json +1268 -0
  25. package/data/playbooks/runtime.json +1 -0
  26. package/data/playbooks/sbom.json +3 -0
  27. package/data/playbooks/supply-chain-recovery.json +1332 -0
  28. package/data/zeroday-lessons.json +0 -89
  29. package/lib/schemas/cve-catalog.schema.json +2 -1
  30. package/lib/schemas/playbook.schema.json +5 -0
  31. package/lib/validate-cve-catalog.js +27 -0
  32. package/manifest.json +80 -80
  33. package/orchestrator/index.js +58 -1
  34. package/package.json +1 -1
  35. package/sbom.cdx.json +99 -66
  36. package/skills/age-gates-child-safety/skill.md +2 -0
  37. package/skills/ai-attack-surface/skill.md +2 -0
  38. package/skills/ai-c2-detection/skill.md +2 -0
  39. package/skills/ai-risk-management/skill.md +2 -0
  40. package/skills/api-security/skill.md +2 -0
  41. package/skills/attack-surface-pentest/skill.md +2 -0
  42. package/skills/cloud-security/skill.md +2 -0
  43. package/skills/compliance-theater/skill.md +28 -2
  44. package/skills/container-runtime-security/skill.md +2 -0
  45. package/skills/coordinated-vuln-disclosure/skill.md +1 -1
  46. package/skills/defensive-countermeasure-mapping/skill.md +2 -0
  47. package/skills/dlp-gap-analysis/skill.md +2 -0
  48. package/skills/exploit-scoring/skill.md +30 -1
  49. package/skills/framework-gap-analysis/skill.md +28 -1
  50. package/skills/fuzz-testing-strategy/skill.md +4 -2
  51. package/skills/global-grc/skill.md +2 -0
  52. package/skills/identity-assurance/skill.md +2 -0
  53. package/skills/kernel-lpe-triage/skill.md +2 -0
  54. package/skills/mcp-agent-trust/skill.md +4 -0
  55. package/skills/mlops-security/skill.md +2 -0
  56. package/skills/ot-ics-security/skill.md +2 -0
  57. package/skills/policy-exception-gen/skill.md +28 -1
  58. package/skills/pqc-first/skill.md +2 -0
  59. package/skills/rag-pipeline-security/skill.md +2 -0
  60. package/skills/researcher/skill.md +2 -0
  61. package/skills/sector-energy/skill.md +2 -0
  62. package/skills/sector-federal-government/skill.md +2 -0
  63. package/skills/sector-financial/skill.md +2 -0
  64. package/skills/sector-healthcare/skill.md +2 -0
  65. package/skills/security-maturity-tiers/skill.md +2 -0
  66. package/skills/skill-update-loop/skill.md +2 -0
  67. package/skills/supply-chain-integrity/skill.md +2 -0
  68. package/skills/threat-model-currency/skill.md +37 -1
  69. package/skills/threat-modeling-methodology/skill.md +2 -0
  70. package/skills/webapp-security/skill.md +2 -0
  71. package/skills/zeroday-gap-learn/skill.md +33 -1
@@ -55,7 +55,7 @@
55
55
  "artifact": "data/exploit-availability.json",
56
56
  "path": "data/exploit-availability.json",
57
57
  "schema_version": "1.1.0",
58
- "entry_count": 30
58
+ "entry_count": 28
59
59
  },
60
60
  {
61
61
  "date": "2026-05-15",
@@ -87,7 +87,7 @@
87
87
  "artifact": "data/zeroday-lessons.json",
88
88
  "path": "data/zeroday-lessons.json",
89
89
  "schema_version": "1.1.0",
90
- "entry_count": 39
90
+ "entry_count": 38
91
91
  },
92
92
  {
93
93
  "date": "2026-05-15",
@@ -102,7 +102,7 @@
102
102
  "artifact": "data/cve-catalog.json",
103
103
  "path": "data/cve-catalog.json",
104
104
  "schema_version": "1.0.0",
105
- "entry_count": 40
105
+ "entry_count": 38
106
106
  },
107
107
  {
108
108
  "date": "2026-05-13",
@@ -62,7 +62,7 @@
62
62
  "rebuild_after_days": 365,
63
63
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
64
64
  },
65
- "entry_count": 40,
65
+ "entry_count": 38,
66
66
  "sample_keys": [
67
67
  "CVE-2025-53773",
68
68
  "CVE-2026-30615",
@@ -150,7 +150,7 @@
150
150
  "rebuild_after_days": 365,
151
151
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
152
152
  },
153
- "entry_count": 30,
153
+ "entry_count": 28,
154
154
  "sample_keys": [
155
155
  "CVE-2025-53773",
156
156
  "CVE-2026-30615",
@@ -238,7 +238,7 @@
238
238
  "rebuild_after_days": 365,
239
239
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
240
240
  },
241
- "entry_count": 39,
241
+ "entry_count": 38,
242
242
  "sample_keys": [
243
243
  "CVE-2026-31431",
244
244
  "CVE-2025-53773",
@@ -4359,38 +4359,6 @@
4359
4359
  "rfc_refs": []
4360
4360
  }
4361
4361
  },
4362
- "MAL-2026-ANTHROPIC-MCP-STDIO": {
4363
- "name": "Anthropic SDK MCP STDIO command-injection (embargoed)",
4364
- "rwep": 25,
4365
- "cvss": 9,
4366
- "cisa_kev": false,
4367
- "epss_score": null,
4368
- "referencing_skills": [],
4369
- "chain": {
4370
- "cwes": [],
4371
- "atlas": [],
4372
- "d3fend": [],
4373
- "framework_gaps": [],
4374
- "attack_refs": [],
4375
- "rfc_refs": []
4376
- }
4377
- },
4378
- "CVE-2026-GTIG-AI-2FA": {
4379
- "name": "GTIG-tracked AI-built 2FA-bypass zero-day (placeholder)",
4380
- "rwep": 55,
4381
- "cvss": 8.1,
4382
- "cisa_kev": false,
4383
- "epss_score": null,
4384
- "referencing_skills": [],
4385
- "chain": {
4386
- "cwes": [],
4387
- "atlas": [],
4388
- "d3fend": [],
4389
- "framework_gaps": [],
4390
- "attack_refs": [],
4391
- "rfc_refs": []
4392
- }
4393
- },
4394
4362
  "CVE-2026-30623": {
4395
4363
  "name": "Anthropic MCP SDK stdio command-injection",
4396
4364
  "rwep": 30,
@@ -49,20 +49,42 @@
49
49
  "compliance-theater",
50
50
  "defensive-countermeasure-mapping",
51
51
  "exploit-scoring",
52
+ "incident-response-playbook",
52
53
  "policy-exception-gen"
53
54
  ],
54
- "ai-attack-surface": [],
55
+ "ai-attack-surface": [
56
+ "incident-response-playbook",
57
+ "mcp-agent-trust",
58
+ "rag-pipeline-security"
59
+ ],
55
60
  "mcp-agent-trust": [
61
+ "ai-attack-surface",
56
62
  "attack-surface-pentest",
63
+ "compliance-theater",
57
64
  "defensive-countermeasure-mapping",
58
65
  "dlp-gap-analysis",
59
66
  "framework-gap-analysis",
60
67
  "supply-chain-integrity"
61
68
  ],
62
69
  "framework-gap-analysis": [],
63
- "compliance-theater": [],
70
+ "compliance-theater": [
71
+ "ai-attack-surface",
72
+ "ai-c2-detection",
73
+ "email-security-anti-phishing",
74
+ "framework-gap-analysis",
75
+ "global-grc",
76
+ "identity-assurance",
77
+ "incident-response-playbook",
78
+ "kernel-lpe-triage",
79
+ "mcp-agent-trust",
80
+ "mlops-security",
81
+ "policy-exception-gen",
82
+ "supply-chain-integrity"
83
+ ],
64
84
  "exploit-scoring": [
65
85
  "ai-attack-surface",
86
+ "compliance-theater",
87
+ "incident-response-playbook",
66
88
  "kernel-lpe-triage",
67
89
  "mcp-agent-trust"
68
90
  ],
@@ -71,25 +93,42 @@
71
93
  "attack-surface-pentest",
72
94
  "defensive-countermeasure-mapping",
73
95
  "dlp-gap-analysis",
96
+ "mlops-security",
74
97
  "supply-chain-integrity"
75
98
  ],
76
99
  "ai-c2-detection": [
100
+ "ai-attack-surface",
77
101
  "attack-surface-pentest",
78
102
  "compliance-theater",
79
103
  "defensive-countermeasure-mapping",
80
104
  "dlp-gap-analysis",
105
+ "incident-response-playbook",
81
106
  "mcp-agent-trust"
82
107
  ],
83
108
  "policy-exception-gen": [],
84
- "threat-model-currency": [],
85
- "global-grc": [],
109
+ "threat-model-currency": [
110
+ "ai-attack-surface",
111
+ "framework-gap-analysis",
112
+ "global-grc",
113
+ "kernel-lpe-triage",
114
+ "policy-exception-gen"
115
+ ],
116
+ "global-grc": [
117
+ "framework-gap-analysis",
118
+ "policy-exception-gen"
119
+ ],
86
120
  "zeroday-gap-learn": [
87
121
  "ai-attack-surface",
88
122
  "ai-c2-detection",
123
+ "defensive-countermeasure-mapping",
124
+ "framework-gap-analysis",
89
125
  "kernel-lpe-triage",
90
126
  "mcp-agent-trust"
91
127
  ],
92
- "pqc-first": [],
128
+ "pqc-first": [
129
+ "compliance-theater",
130
+ "framework-gap-analysis"
131
+ ],
93
132
  "skill-update-loop": [
94
133
  "ai-c2-detection",
95
134
  "ai-risk-management",
@@ -113,7 +152,11 @@
113
152
  "threat-modeling-methodology",
114
153
  "webapp-security"
115
154
  ],
116
- "security-maturity-tiers": [],
155
+ "security-maturity-tiers": [
156
+ "compliance-theater",
157
+ "global-grc",
158
+ "policy-exception-gen"
159
+ ],
117
160
  "researcher": [
118
161
  "age-gates-child-safety",
119
162
  "ai-attack-surface",
@@ -154,14 +197,25 @@
154
197
  "zeroday-gap-learn"
155
198
  ],
156
199
  "attack-surface-pentest": [
200
+ "compliance-theater",
201
+ "exploit-scoring",
202
+ "incident-response-playbook",
157
203
  "kernel-lpe-triage"
158
204
  ],
159
- "fuzz-testing-strategy": [],
205
+ "fuzz-testing-strategy": [
206
+ "compliance-theater",
207
+ "zeroday-gap-learn"
208
+ ],
160
209
  "dlp-gap-analysis": [
161
- "ai-c2-detection"
210
+ "ai-attack-surface",
211
+ "ai-c2-detection",
212
+ "compliance-theater",
213
+ "email-security-anti-phishing"
162
214
  ],
163
215
  "supply-chain-integrity": [
216
+ "compliance-theater",
164
217
  "mcp-agent-trust",
218
+ "mlops-security",
165
219
  "pqc-first"
166
220
  ],
167
221
  "defensive-countermeasure-mapping": [
@@ -176,6 +230,8 @@
176
230
  "compliance-theater",
177
231
  "defensive-countermeasure-mapping",
178
232
  "dlp-gap-analysis",
233
+ "email-security-anti-phishing",
234
+ "idp-incident-response",
179
235
  "mcp-agent-trust",
180
236
  "pqc-first",
181
237
  "supply-chain-integrity"
@@ -189,9 +245,11 @@
189
245
  "framework-gap-analysis",
190
246
  "global-grc",
191
247
  "identity-assurance",
248
+ "incident-response-playbook",
192
249
  "kernel-lpe-triage",
193
250
  "mcp-agent-trust",
194
251
  "policy-exception-gen",
252
+ "sector-energy",
195
253
  "supply-chain-integrity"
196
254
  ],
197
255
  "coordinated-vuln-disclosure": [
@@ -213,6 +271,7 @@
213
271
  "defensive-countermeasure-mapping",
214
272
  "framework-gap-analysis",
215
273
  "mcp-agent-trust",
274
+ "policy-exception-gen",
216
275
  "rag-pipeline-security",
217
276
  "researcher",
218
277
  "threat-model-currency",
@@ -221,7 +280,9 @@
221
280
  "webapp-security": [
222
281
  "ai-attack-surface",
223
282
  "ai-c2-detection",
283
+ "api-security",
224
284
  "attack-surface-pentest",
285
+ "compliance-theater",
225
286
  "defensive-countermeasure-mapping",
226
287
  "fuzz-testing-strategy",
227
288
  "identity-assurance",
@@ -252,6 +313,7 @@
252
313
  "framework-gap-analysis",
253
314
  "global-grc",
254
315
  "identity-assurance",
316
+ "incident-response-playbook",
255
317
  "mcp-agent-trust",
256
318
  "ot-ics-security",
257
319
  "policy-exception-gen",
@@ -263,10 +325,12 @@
263
325
  "compliance-theater",
264
326
  "coordinated-vuln-disclosure",
265
327
  "dlp-gap-analysis",
328
+ "email-security-anti-phishing",
266
329
  "exploit-scoring",
267
330
  "framework-gap-analysis",
268
331
  "global-grc",
269
332
  "identity-assurance",
333
+ "incident-response-playbook",
270
334
  "mcp-agent-trust",
271
335
  "policy-exception-gen",
272
336
  "supply-chain-integrity"
@@ -279,6 +343,7 @@
279
343
  "framework-gap-analysis",
280
344
  "global-grc",
281
345
  "identity-assurance",
346
+ "incident-response-playbook",
282
347
  "pqc-first",
283
348
  "supply-chain-integrity"
284
349
  ],
@@ -291,6 +356,7 @@
291
356
  "framework-gap-analysis",
292
357
  "global-grc",
293
358
  "identity-assurance",
359
+ "incident-response-playbook",
294
360
  "kernel-lpe-triage",
295
361
  "mcp-agent-trust",
296
362
  "ot-ics-security",
@@ -301,6 +367,7 @@
301
367
  "sector-telecom": [],
302
368
  "api-security": [
303
369
  "ai-c2-detection",
370
+ "compliance-theater",
304
371
  "defensive-countermeasure-mapping",
305
372
  "dlp-gap-analysis",
306
373
  "identity-assurance",
@@ -311,7 +378,9 @@
311
378
  "ai-attack-surface",
312
379
  "ai-c2-detection",
313
380
  "api-security",
381
+ "cloud-iam-incident",
314
382
  "compliance-theater",
383
+ "container-runtime-security",
315
384
  "defensive-countermeasure-mapping",
316
385
  "dlp-gap-analysis",
317
386
  "exploit-scoring",
@@ -348,6 +417,7 @@
348
417
  "ai-attack-surface",
349
418
  "ai-risk-management",
350
419
  "cloud-security",
420
+ "compliance-theater",
351
421
  "container-runtime-security",
352
422
  "coordinated-vuln-disclosure",
353
423
  "mcp-agent-trust",
@@ -442,90 +512,90 @@
442
512
  },
443
513
  "in_degree": {
444
514
  "age-gates-child-safety": 1,
445
- "ai-attack-surface": 21,
446
- "ai-c2-detection": 11,
515
+ "ai-attack-surface": 26,
516
+ "ai-c2-detection": 12,
447
517
  "ai-risk-management": 5,
448
- "api-security": 3,
518
+ "api-security": 4,
449
519
  "attack-surface-pentest": 13,
450
- "cloud-iam-incident": 0,
520
+ "cloud-iam-incident": 1,
451
521
  "cloud-security": 5,
452
- "compliance-theater": 19,
453
- "container-runtime-security": 3,
522
+ "compliance-theater": 30,
523
+ "container-runtime-security": 4,
454
524
  "coordinated-vuln-disclosure": 12,
455
- "defensive-countermeasure-mapping": 17,
525
+ "defensive-countermeasure-mapping": 18,
456
526
  "dlp-gap-analysis": 15,
457
- "email-security-anti-phishing": 2,
458
- "exploit-scoring": 10,
459
- "framework-gap-analysis": 18,
527
+ "email-security-anti-phishing": 6,
528
+ "exploit-scoring": 11,
529
+ "framework-gap-analysis": 23,
460
530
  "fuzz-testing-strategy": 3,
461
- "global-grc": 12,
462
- "identity-assurance": 17,
463
- "idp-incident-response": 0,
464
- "incident-response-playbook": 7,
465
- "kernel-lpe-triage": 10,
466
- "mcp-agent-trust": 20,
467
- "mlops-security": 3,
531
+ "global-grc": 15,
532
+ "identity-assurance": 18,
533
+ "idp-incident-response": 1,
534
+ "incident-response-playbook": 18,
535
+ "kernel-lpe-triage": 12,
536
+ "mcp-agent-trust": 22,
537
+ "mlops-security": 6,
468
538
  "ot-ics-security": 4,
469
- "policy-exception-gen": 11,
539
+ "policy-exception-gen": 16,
470
540
  "pqc-first": 6,
471
- "rag-pipeline-security": 8,
541
+ "rag-pipeline-security": 9,
472
542
  "ransomware-response": 0,
473
543
  "researcher": 1,
474
- "sector-energy": 3,
544
+ "sector-energy": 4,
475
545
  "sector-federal-government": 6,
476
546
  "sector-financial": 8,
477
547
  "sector-healthcare": 6,
478
548
  "sector-telecom": 1,
479
549
  "security-maturity-tiers": 1,
480
550
  "skill-update-loop": 3,
481
- "supply-chain-integrity": 16,
551
+ "supply-chain-integrity": 17,
482
552
  "threat-model-currency": 6,
483
553
  "threat-modeling-methodology": 4,
484
554
  "webapp-security": 3,
485
- "zeroday-gap-learn": 7
555
+ "zeroday-gap-learn": 8
486
556
  },
487
557
  "out_degree": {
488
558
  "age-gates-child-safety": 10,
489
- "ai-attack-surface": 0,
490
- "ai-c2-detection": 5,
559
+ "ai-attack-surface": 3,
560
+ "ai-c2-detection": 7,
491
561
  "ai-risk-management": 13,
492
- "api-security": 6,
493
- "attack-surface-pentest": 1,
562
+ "api-security": 7,
563
+ "attack-surface-pentest": 4,
494
564
  "cloud-iam-incident": 14,
495
- "cloud-security": 15,
496
- "compliance-theater": 0,
565
+ "cloud-security": 17,
566
+ "compliance-theater": 12,
497
567
  "container-runtime-security": 18,
498
568
  "coordinated-vuln-disclosure": 12,
499
569
  "defensive-countermeasure-mapping": 6,
500
- "dlp-gap-analysis": 1,
570
+ "dlp-gap-analysis": 4,
501
571
  "email-security-anti-phishing": 6,
502
- "exploit-scoring": 3,
572
+ "exploit-scoring": 5,
503
573
  "framework-gap-analysis": 0,
504
- "fuzz-testing-strategy": 0,
505
- "global-grc": 0,
506
- "identity-assurance": 6,
574
+ "fuzz-testing-strategy": 2,
575
+ "global-grc": 2,
576
+ "identity-assurance": 8,
507
577
  "idp-incident-response": 12,
508
578
  "incident-response-playbook": 20,
509
- "kernel-lpe-triage": 5,
510
- "mcp-agent-trust": 5,
511
- "mlops-security": 9,
512
- "ot-ics-security": 12,
579
+ "kernel-lpe-triage": 6,
580
+ "mcp-agent-trust": 7,
581
+ "mlops-security": 10,
582
+ "ot-ics-security": 14,
513
583
  "policy-exception-gen": 0,
514
- "pqc-first": 0,
515
- "rag-pipeline-security": 5,
584
+ "pqc-first": 2,
585
+ "rag-pipeline-security": 6,
516
586
  "ransomware-response": 10,
517
587
  "researcher": 37,
518
- "sector-energy": 14,
519
- "sector-federal-government": 9,
520
- "sector-financial": 12,
521
- "sector-healthcare": 12,
588
+ "sector-energy": 15,
589
+ "sector-federal-government": 10,
590
+ "sector-financial": 14,
591
+ "sector-healthcare": 13,
522
592
  "sector-telecom": 0,
523
- "security-maturity-tiers": 0,
593
+ "security-maturity-tiers": 3,
524
594
  "skill-update-loop": 21,
525
- "supply-chain-integrity": 2,
526
- "threat-model-currency": 0,
527
- "threat-modeling-methodology": 8,
528
- "webapp-security": 8,
529
- "zeroday-gap-learn": 4
595
+ "supply-chain-integrity": 4,
596
+ "threat-model-currency": 5,
597
+ "threat-modeling-methodology": 9,
598
+ "webapp-security": 10,
599
+ "zeroday-gap-learn": 6
530
600
  }
531
601
  }
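Review bot: `ai-attack-surface` and `mcp-agent-trust` now list each other as handoff targets, and so do `compliance-theater` and `mcp-agent-trust`, so the graph in this section (by its +127 -57 count, package/data/_indexes/handoff-dag.json) contains cycles although the artifact is named a DAG. A consumer that follows handoffs transitively needs a visited set or a depth limit, otherwise an agent-driven handoff chain can loop without bound; package/orchestrator/index.js changes in this release but is not shown here, so whether it guards against this is unconfirmed. The mutual edge between `ai-c2-detection` and `dlp-gap-analysis` is already present on the old side, so the fix belongs in whatever builds this index: either fail the build when a cycle is found, or document that the structure is a general directed graph and have consumers treat it as one.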