@blamejs/exceptd-skills 0.13.62 → 0.13.63
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/data/_indexes/_meta.json +6 -6
- package/data/_indexes/catalog-summaries.json +1 -1
- package/data/_indexes/stale-content.json +2 -8
- package/data/atlas-ttps.json +1 -1
- package/data/framework-control-gaps.json +3 -3
- package/manifest.json +46 -46
- package/package.json +2 -2
- package/sbom.cdx.json +21 -21
- package/scripts/builders/catalog-summaries.js +1 -1
- package/skills/researcher/skill.md +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.13.63 — 2026-05-24
|
|
4
|
+
|
|
5
|
+
Metadata accuracy corrections. Five references still cited MITRE ATLAS v5.1.0 — a catalog descriptor and four control-gap / TTP cross-walk notes — while the shipped catalog tracks v5.6.0. The catalog-summary index and one skill's forecast note dated ATLAS v5.6.0 to February 2026; its release date is May 2026 (2026-05-08). The package description counted 10 intelligence catalogs when 11 ship. The researcher skill described 37 downstream skills (itself the 38th); the library ships 42 (41 downstream).
|
|
6
|
+
|
|
3
7
|
## 0.13.62 — 2026-05-24
|
|
4
8
|
|
|
5
9
|
Threat-framework version pins are now consistent across the full surface. The remaining skills and the source registry cite MITRE ATT&CK v19.0 (April 2026); `attack-surface-pentest` and `skill-update-loop` still described the superseded v17 matrix, and `sources/index.json` pointed callers at v17 / 2025-06-25. The same registry's ATLAS pointer is corrected to v5.6.0 (May 2026) — it had drifted to v5.1.0 while every other surface moved on. A new guard refuses any operator-facing reference to an ATT&CK version older than the catalog pin, while permitting forward-looking references so forward-watch entries naming the next release cycle stay intact.
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,18 +1,18 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-24T15:29:21.057Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
8
|
-
"data/atlas-ttps.json": "
|
|
7
|
+
"manifest.json": "3be89a674691acd2ea97c62841b563b53f76cf22d1350f4b395f1259d684986b",
|
|
8
|
+
"data/atlas-ttps.json": "019f12d24dc45ef8f5ae8812dec7c31a9506429a94751aaa559890a007ec6b22",
|
|
9
9
|
"data/attack-techniques.json": "49b6010b317edd219def135171ea8f3b1bbf1e00e9c5a08bf7237215ff54e2c3",
|
|
10
10
|
"data/cve-catalog.json": "a09c83af3f9679a7ea73935726a1ff9de2cab94b4ab6321fc017fc147747d7c3",
|
|
11
11
|
"data/cwe-catalog.json": "c56e74b8c9290583b1d6fdd21b54bd65a254c58890c5f683379788ca7b080e9d",
|
|
12
12
|
"data/d3fend-catalog.json": "4271102f8c38999444bcd981c1cf5feb4ad09f8c0b1d9b79df3f1a82f4fb50f0",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
14
14
|
"data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
|
|
15
|
-
"data/framework-control-gaps.json": "
|
|
15
|
+
"data/framework-control-gaps.json": "2f6147edef1cdec29ae755ec42021038145a702d908a1d5cf0a42e2484cbc786",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "926ea25892e052fc6a8b9952afc1d8e2bd06c4aec223a1a7aa79ef1dfd7b7bb5",
|
|
18
18
|
"data/zeroday-lessons.json": "7242a7349ac79a74813bf2b7486b6000c0c877e71cec17e2d68df33bc4007b93",
|
|
@@ -31,7 +31,7 @@
|
|
|
31
31
|
"skills/pqc-first/skill.md": "3b41b59eb4e8480b691ff17185f42b9fbfd7665e369fc210feba496688cc77aa",
|
|
32
32
|
"skills/skill-update-loop/skill.md": "f7cd18df293b90c0d2afb6ba8b87664419becea6b63221f03efaf09c69586025",
|
|
33
33
|
"skills/security-maturity-tiers/skill.md": "2e46c9332a5a6190d4605ba7bc653410659be19fab50c78c0a6732f84ebdb300",
|
|
34
|
-
"skills/researcher/skill.md": "
|
|
34
|
+
"skills/researcher/skill.md": "0f55168c5cbcf8f8ad2760e7f782ca171a1a82a1f92c5123cb3c80d769386c7a",
|
|
35
35
|
"skills/attack-surface-pentest/skill.md": "d6ea35136f93eb4aa75b65a5ae402353b0e2c63a83acece1606fe3f5d1ec6a8d",
|
|
36
36
|
"skills/fuzz-testing-strategy/skill.md": "86e7bf537e4313b932acaba6282a4514336066a740bdbee4e7cbea2d2ef05b54",
|
|
37
37
|
"skills/dlp-gap-analysis/skill.md": "b5183b5ea6fad6986500d7a04e83239a5fbf4272eaa6888b8be6420ce3d36ac5",
|
|
@@ -87,7 +87,7 @@
|
|
|
87
87
|
"frequency_fields": 7,
|
|
88
88
|
"activity_feed_events": 54,
|
|
89
89
|
"catalog_summaries": 11,
|
|
90
|
-
"stale_content_findings":
|
|
90
|
+
"stale_content_findings": 1
|
|
91
91
|
},
|
|
92
92
|
"invalidation_note": "If any source file in source_hashes has a different SHA-256 than recorded here, the indexes are stale. Re-run `npm run build-indexes`."
|
|
93
93
|
}
|
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
"catalogs": {
|
|
8
8
|
"atlas-ttps.json": {
|
|
9
9
|
"path": "data/atlas-ttps.json",
|
|
10
|
-
"purpose": "MITRE ATLAS TTPs (AML.T0xxx) cited by skills, with tactic, name, description. Pinned to ATLAS v5.6.0 (
|
|
10
|
+
"purpose": "MITRE ATLAS TTPs (AML.T0xxx) cited by skills, with tactic, name, description. Pinned to ATLAS v5.6.0 (May 2026).",
|
|
11
11
|
"schema_version": "1.0.0",
|
|
12
12
|
"last_updated": "2026-05-19",
|
|
13
13
|
"tlp": "CLEAR",
|
|
@@ -3,10 +3,10 @@
|
|
|
3
3
|
"schema_version": "1.0.0",
|
|
4
4
|
"reference_date": "2026-05-15",
|
|
5
5
|
"note": "Stale-content snapshot derived from audit-cross-skill checks. Re-runs of build-indexes against the same inputs produce byte-identical output (reference_date is manifest.threat_review_date, not 'now'). audit-cross-skill.js remains the canonical interactive audit.",
|
|
6
|
-
"finding_count":
|
|
6
|
+
"finding_count": 1,
|
|
7
7
|
"by_severity": {
|
|
8
8
|
"high": 0,
|
|
9
|
-
"medium":
|
|
9
|
+
"medium": 1,
|
|
10
10
|
"low": 0
|
|
11
11
|
}
|
|
12
12
|
},
|
|
@@ -16,12 +16,6 @@
|
|
|
16
16
|
"category": "badge_drift",
|
|
17
17
|
"artifact": "README.md",
|
|
18
18
|
"detail": "jurisdictions badge shows 35, live count is 34"
|
|
19
|
-
},
|
|
20
|
-
{
|
|
21
|
-
"severity": "medium",
|
|
22
|
-
"category": "researcher_claim_drift",
|
|
23
|
-
"artifact": "skills/researcher/skill.md",
|
|
24
|
-
"detail": "claims 37 specialized skills downstream; live count is 41"
|
|
25
19
|
}
|
|
26
20
|
]
|
|
27
21
|
}
|
package/data/atlas-ttps.json
CHANGED
|
@@ -512,7 +512,7 @@
|
|
|
512
512
|
"Multiple production AI assistant prompt injection incidents 2025-2026"
|
|
513
513
|
],
|
|
514
514
|
"framework_gap": true,
|
|
515
|
-
"framework_gap_detail": "No framework has a control for prompt injection as an access control failure vector. The attack uses the AI service account's authorized permissions — from AC-2's perspective, the access is authorized. MITRE ATLAS v5.
|
|
515
|
+
"framework_gap_detail": "No framework has a control for prompt injection as an access control failure vector. The attack uses the AI service account's authorized permissions — from AC-2's perspective, the access is authorized. MITRE ATLAS v5.6.0 documents the technique; no framework has implemented controls. OWASP LLM Top 10 documents the class; it is not incorporated in any compliance framework.",
|
|
516
516
|
"controls_that_partially_help": [
|
|
517
517
|
"NIST-800-53-AC-2",
|
|
518
518
|
"ISO-27001-2022-A.8.28"
|
|
@@ -365,7 +365,7 @@
|
|
|
365
365
|
"Treating 'Top 25 addressed' as a compliance signal creates a compliance-theatre risk for organisations with significant AI surface",
|
|
366
366
|
"No cross-walk requirement to ATLAS TTPs — CWE addresses weaknesses; ATLAS addresses adversary techniques. Both are needed for AI coverage"
|
|
367
367
|
],
|
|
368
|
-
"real_requirement": "Programmes that claim 'Top 25 addressed' as compliance evidence must additionally: (1) enumerate AI-relevant CWEs outside the Top 25 (CWE-1426 Improper Output Validation, CWE-1039 Inadequate Detection of Adversarial Input, CWE-1230 Exposure of Sensitive Info Through Metadata) with explicit treatment, (2) cross-walk to ATLAS v5.
|
|
368
|
+
"real_requirement": "Programmes that claim 'Top 25 addressed' as compliance evidence must additionally: (1) enumerate AI-relevant CWEs outside the Top 25 (CWE-1426 Improper Output Validation, CWE-1039 Inadequate Detection of Adversarial Input, CWE-1230 Exposure of Sensitive Info Through Metadata) with explicit treatment, (2) cross-walk to ATLAS v5.6.0 TTPs for adversarial coverage, (3) re-baseline against the next-published Top 25 with delta analysis. Aligns with EU CRA Annex I, UK NCSC, AU ISM, ISO 27001 A.8.28.",
|
|
369
369
|
"status": "open",
|
|
370
370
|
"opened_date": "2026-05-11",
|
|
371
371
|
"evidence_cves": [],
|
|
@@ -1586,7 +1586,7 @@
|
|
|
1586
1586
|
"LLM-API-as-C2 (SesameOp pattern, ATLAS AML.T0096) is not in the clause 6.1.2 example threat list — risk register templates omit it",
|
|
1587
1587
|
"No requirement to link AI risk register entries to specific TTP IDs (ATLAS / ATT&CK) — risks remain framework-internal abstractions"
|
|
1588
1588
|
],
|
|
1589
|
-
"real_requirement": "Clause 6.1.2 risk registers must (1) ingest ATLAS v5.
|
|
1589
|
+
"real_requirement": "Clause 6.1.2 risk registers must (1) ingest ATLAS v5.6.0 TTPs as enumerated AI-specific threat sources, (2) cross-reference jurisdictional obligations (EU AI Act Annex III, NIS2 Art. 21, DORA Art. 28, UK CAF B4, AU ISM AI annex, ISO 27001:2022 A.5.7), (3) include AI-API-as-C2 and prompt-injection-as-RCE as named scenarios, (4) be re-run on threat-intel triggers, not only on calendar cycles.",
|
|
1590
1590
|
"status": "open",
|
|
1591
1591
|
"opened_date": "2026-05-11",
|
|
1592
1592
|
"evidence_cves": [],
|
|
@@ -6199,7 +6199,7 @@
|
|
|
6199
6199
|
}
|
|
6200
6200
|
},
|
|
6201
6201
|
"ATLAS-AML.T0048": {
|
|
6202
|
-
"framework": "MITRE ATLAS v5.
|
|
6202
|
+
"framework": "MITRE ATLAS v5.6.0",
|
|
6203
6203
|
"control_id": "AML.T0048",
|
|
6204
6204
|
"control_name": "External Harms — ML Supply Chain Compromise (bundled-codec / inference-server class)",
|
|
6205
6205
|
"designed_for": "ATLAS AML.T0048 catalogues external harms from ML supply-chain compromise, including malicious model weights, poisoned training data, and compromised ML libraries. The technique-level guidance covers detection and mitigation at the model-artifact and library-consumption layer.",
|
package/manifest.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "exceptd-security",
|
|
3
|
-
"version": "0.13.
|
|
3
|
+
"version": "0.13.63",
|
|
4
4
|
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
|
|
5
5
|
"homepage": "https://exceptd.com",
|
|
6
6
|
"license": "Apache-2.0",
|
|
@@ -53,7 +53,7 @@
|
|
|
53
53
|
],
|
|
54
54
|
"last_threat_review": "2026-05-01",
|
|
55
55
|
"signature": "lXhZgoIrrVloO3XaTvo/43AxZn4mwErstd7DR0O/oVhD3AOGODM4HqrageYEou9WKOdMEGP5mJNTjJsXdP5NDA==",
|
|
56
|
-
"signed_at": "2026-05-
|
|
56
|
+
"signed_at": "2026-05-24T15:26:02.678Z",
|
|
57
57
|
"cwe_refs": [
|
|
58
58
|
"CWE-125",
|
|
59
59
|
"CWE-362",
|
|
@@ -117,7 +117,7 @@
|
|
|
117
117
|
],
|
|
118
118
|
"last_threat_review": "2026-05-01",
|
|
119
119
|
"signature": "vSVqu4wBm+d68ujZmM6Rto/HzViCkE0gPUcv/MYE/bjFiqamf/s0On4kTOo1KIveV9cOwYNxiItaGEWlVkRFDg==",
|
|
120
|
-
"signed_at": "2026-05-
|
|
120
|
+
"signed_at": "2026-05-24T15:26:02.679Z",
|
|
121
121
|
"cwe_refs": [
|
|
122
122
|
"CWE-1039",
|
|
123
123
|
"CWE-1426",
|
|
@@ -180,7 +180,7 @@
|
|
|
180
180
|
],
|
|
181
181
|
"last_threat_review": "2026-05-01",
|
|
182
182
|
"signature": "RIgXKvolQjgJdnlrDnVOd90IOY1B7VHHZD/YJQRzouL+wUeOLclPrdK/EgEuFyiu7lR4bi+Pl6aGB9G9tOxYCQ==",
|
|
183
|
-
"signed_at": "2026-05-
|
|
183
|
+
"signed_at": "2026-05-24T15:26:02.679Z",
|
|
184
184
|
"cwe_refs": [
|
|
185
185
|
"CWE-22",
|
|
186
186
|
"CWE-345",
|
|
@@ -226,7 +226,7 @@
|
|
|
226
226
|
"framework_gaps": [],
|
|
227
227
|
"last_threat_review": "2026-05-01",
|
|
228
228
|
"signature": "Qd3SBWmUAaaT++e1Ry2wBIz/dCBmNBMl0+4Rb0etvJLES0fIBEAkU1mTbgNZnT5XOg9J5twdUpymWtmKnDDQCQ==",
|
|
229
|
-
"signed_at": "2026-05-
|
|
229
|
+
"signed_at": "2026-05-24T15:26:02.680Z"
|
|
230
230
|
},
|
|
231
231
|
{
|
|
232
232
|
"name": "compliance-theater",
|
|
@@ -257,7 +257,7 @@
|
|
|
257
257
|
],
|
|
258
258
|
"last_threat_review": "2026-05-01",
|
|
259
259
|
"signature": "F2Shxae0ua0gPtvwzTRVzzHaIgJcFDRT3/akLUAZ4aaMQhkleKkcTaTpkjp+pTVEdPfLeLGNCeAOMs+whVYOBg==",
|
|
260
|
-
"signed_at": "2026-05-
|
|
260
|
+
"signed_at": "2026-05-24T15:26:02.680Z"
|
|
261
261
|
},
|
|
262
262
|
{
|
|
263
263
|
"name": "exploit-scoring",
|
|
@@ -286,7 +286,7 @@
|
|
|
286
286
|
],
|
|
287
287
|
"last_threat_review": "2026-05-01",
|
|
288
288
|
"signature": "NA1hoQycvQhSUoG5rwlXX0mOVmGxoXRVezkELGEA2nZOdGis4gXkHT3O6Sfw7zxE4JuMrsCb65TEeOWk9WEPDg==",
|
|
289
|
-
"signed_at": "2026-05-
|
|
289
|
+
"signed_at": "2026-05-24T15:26:02.681Z"
|
|
290
290
|
},
|
|
291
291
|
{
|
|
292
292
|
"name": "rag-pipeline-security",
|
|
@@ -323,7 +323,7 @@
|
|
|
323
323
|
],
|
|
324
324
|
"last_threat_review": "2026-05-01",
|
|
325
325
|
"signature": "aNm8KljKPajh12h5pLqcQ7xHVf4dNqEBqGR+rr0rDWy32g+ZJSydz+yV7ejoQEyELSghiwkwebkhVOdZZ+5LDQ==",
|
|
326
|
-
"signed_at": "2026-05-
|
|
326
|
+
"signed_at": "2026-05-24T15:26:02.681Z",
|
|
327
327
|
"cwe_refs": [
|
|
328
328
|
"CWE-1395",
|
|
329
329
|
"CWE-1426"
|
|
@@ -380,7 +380,7 @@
|
|
|
380
380
|
],
|
|
381
381
|
"last_threat_review": "2026-05-01",
|
|
382
382
|
"signature": "9+hZlZOqZdeACUmamQk66L5levZhhwnFXuYRhdT6Mce99eQaKT7wNfWq12hXQztkRcVRKaFH+a01zwJQwsRQCA==",
|
|
383
|
-
"signed_at": "2026-05-
|
|
383
|
+
"signed_at": "2026-05-24T15:26:02.681Z",
|
|
384
384
|
"d3fend_refs": [
|
|
385
385
|
"D3-CA",
|
|
386
386
|
"D3-CSPP",
|
|
@@ -415,7 +415,7 @@
|
|
|
415
415
|
"framework_gaps": [],
|
|
416
416
|
"last_threat_review": "2026-05-01",
|
|
417
417
|
"signature": "za1NKBpy9LC91F/ESO/qhUfmvVr8GNItQOjR5OJLeHm+2dQ9HHiFWQK2eo53V/n/0uhubuggURA3yS6kJuWwBg==",
|
|
418
|
-
"signed_at": "2026-05-
|
|
418
|
+
"signed_at": "2026-05-24T15:26:02.682Z",
|
|
419
419
|
"cwe_refs": [
|
|
420
420
|
"CWE-1188"
|
|
421
421
|
]
|
|
@@ -443,7 +443,7 @@
|
|
|
443
443
|
"framework_gaps": [],
|
|
444
444
|
"last_threat_review": "2026-05-01",
|
|
445
445
|
"signature": "xiHAhhdufm9hCKU8PLiPE0MX65ej2F4OZwtlWLGLCiie9/km+Kiqbt192LcMvr94v83C98pb9wIaqFsFWft6AQ==",
|
|
446
|
-
"signed_at": "2026-05-
|
|
446
|
+
"signed_at": "2026-05-24T15:26:02.682Z"
|
|
447
447
|
},
|
|
448
448
|
{
|
|
449
449
|
"name": "global-grc",
|
|
@@ -475,7 +475,7 @@
|
|
|
475
475
|
"framework_gaps": [],
|
|
476
476
|
"last_threat_review": "2026-05-01",
|
|
477
477
|
"signature": "oYsSk35N2Uzq7MRofACykylcVwkgPhI4luWZ14vmQT+gUKLyZiKVOUJbe1+7lGl6BYPRN0sUDQ0f7S5Eu5w2Ag==",
|
|
478
|
-
"signed_at": "2026-05-
|
|
478
|
+
"signed_at": "2026-05-24T15:26:02.682Z"
|
|
479
479
|
},
|
|
480
480
|
{
|
|
481
481
|
"name": "zeroday-gap-learn",
|
|
@@ -502,7 +502,7 @@
|
|
|
502
502
|
"framework_gaps": [],
|
|
503
503
|
"last_threat_review": "2026-05-01",
|
|
504
504
|
"signature": "igRqYyU1unRFH40BsPyAR62SPrk8QZv8dPGb8S9O9EvLCNOZAzm3t+HdT/NKqzWHwrpomOzkkkyLfYI/0qTUDA==",
|
|
505
|
-
"signed_at": "2026-05-
|
|
505
|
+
"signed_at": "2026-05-24T15:26:02.683Z"
|
|
506
506
|
},
|
|
507
507
|
{
|
|
508
508
|
"name": "pqc-first",
|
|
@@ -554,7 +554,7 @@
|
|
|
554
554
|
],
|
|
555
555
|
"last_threat_review": "2026-05-01",
|
|
556
556
|
"signature": "i/17u4kJiSpcZAz7LnTyRePFugQOstQ1P4kVoe0oGf4E2/j8oIN9U9DccjUn/YHZhKWIJ2AILG/DMhvMrr3bBg==",
|
|
557
|
-
"signed_at": "2026-05-
|
|
557
|
+
"signed_at": "2026-05-24T15:26:02.683Z",
|
|
558
558
|
"cwe_refs": [
|
|
559
559
|
"CWE-327"
|
|
560
560
|
],
|
|
@@ -601,7 +601,7 @@
|
|
|
601
601
|
],
|
|
602
602
|
"last_threat_review": "2026-05-01",
|
|
603
603
|
"signature": "QuOVaQ4E2Sl39TClbhZ7HA9XrYAyRrDL44HY3RTE7aWLue0hV2cxaBt40ALGmHS++631QGFDlZTLZI77Tr6nAA==",
|
|
604
|
-
"signed_at": "2026-05-
|
|
604
|
+
"signed_at": "2026-05-24T15:26:02.683Z"
|
|
605
605
|
},
|
|
606
606
|
{
|
|
607
607
|
"name": "security-maturity-tiers",
|
|
@@ -638,7 +638,7 @@
|
|
|
638
638
|
],
|
|
639
639
|
"last_threat_review": "2026-05-01",
|
|
640
640
|
"signature": "8Px1s2lDj10/Q6erwEQlXgUHM1+OTruUR8qAHPX7Oo3k/l69N6P9sm0PsafS9wDFtj9l5C/OiLiFgzMlMt6vBw==",
|
|
641
|
-
"signed_at": "2026-05-
|
|
641
|
+
"signed_at": "2026-05-24T15:26:02.684Z",
|
|
642
642
|
"cwe_refs": [
|
|
643
643
|
"CWE-1188"
|
|
644
644
|
]
|
|
@@ -672,8 +672,8 @@
|
|
|
672
672
|
"attack_refs": [],
|
|
673
673
|
"framework_gaps": [],
|
|
674
674
|
"last_threat_review": "2026-05-11",
|
|
675
|
-
"signature": "
|
|
676
|
-
"signed_at": "2026-05-
|
|
675
|
+
"signature": "i1Ko7AfG7z5Z/EI33hmyBJMUntpur9Q/mdfbXYeNSEt4RV0iGdW7HA8yJ8I5TY0cRN1QLHqR3Gw682FaLI3FDA==",
|
|
676
|
+
"signed_at": "2026-05-24T15:26:02.684Z"
|
|
677
677
|
},
|
|
678
678
|
{
|
|
679
679
|
"name": "attack-surface-pentest",
|
|
@@ -744,7 +744,7 @@
|
|
|
744
744
|
"PTES revision incorporating AI-surface enumeration"
|
|
745
745
|
],
|
|
746
746
|
"signature": "IVrZDxI3Ak/xLLqvKA3OXgxCXg2egJQHmkmtQutSa9v/C22HblISVVa610goNwdLDQ4GhIcoFD5q31SKrpALDg==",
|
|
747
|
-
"signed_at": "2026-05-
|
|
747
|
+
"signed_at": "2026-05-24T15:26:02.684Z"
|
|
748
748
|
},
|
|
749
749
|
{
|
|
750
750
|
"name": "fuzz-testing-strategy",
|
|
@@ -804,7 +804,7 @@
|
|
|
804
804
|
"OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
|
|
805
805
|
],
|
|
806
806
|
"signature": "Z7ypCUnXx8JpLtgxxB6RHNi39w74AmrGY1N4ofAGCXhkuM2EaFVm1AU0dvl9UQ1bVLfHKEDGqMO/TwlIY7RABg==",
|
|
807
|
-
"signed_at": "2026-05-
|
|
807
|
+
"signed_at": "2026-05-24T15:26:02.685Z"
|
|
808
808
|
},
|
|
809
809
|
{
|
|
810
810
|
"name": "dlp-gap-analysis",
|
|
@@ -879,7 +879,7 @@
|
|
|
879
879
|
"Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
|
|
880
880
|
],
|
|
881
881
|
"signature": "fgxG344JGYBWWWwFXZ1IzGipWKP7EyBhrsvsbsb0CCGXfv/MvNHVNI6G0zQddCsWX1JeQbhZT3Vk8v1uJKDTDA==",
|
|
882
|
-
"signed_at": "2026-05-
|
|
882
|
+
"signed_at": "2026-05-24T15:26:02.685Z"
|
|
883
883
|
},
|
|
884
884
|
{
|
|
885
885
|
"name": "supply-chain-integrity",
|
|
@@ -956,7 +956,7 @@
|
|
|
956
956
|
"OpenSSF model-signing — emerging Sigstore-based signing standard for ML model weights; track for production adoption"
|
|
957
957
|
],
|
|
958
958
|
"signature": "pcLrM98A3vUSZRjwNAk0aZ9umvOwB41XCLLsCOy/IebB2F/06oIrGUKkMHtHwm4pTVPShMMcKdZQQ3jz30FnCg==",
|
|
959
|
-
"signed_at": "2026-05-
|
|
959
|
+
"signed_at": "2026-05-24T15:26:02.685Z"
|
|
960
960
|
},
|
|
961
961
|
{
|
|
962
962
|
"name": "defensive-countermeasure-mapping",
|
|
@@ -1013,7 +1013,7 @@
|
|
|
1013
1013
|
],
|
|
1014
1014
|
"last_threat_review": "2026-05-11",
|
|
1015
1015
|
"signature": "gqF8eU3VBrZhO2WnlcqKa7wm1d2mmWtvpbmx0kNCgHojNV+qEt+Ij84RO6bZvaUqhfYPWizWL79Fa4DL0curAQ==",
|
|
1016
|
-
"signed_at": "2026-05-
|
|
1016
|
+
"signed_at": "2026-05-24T15:26:02.685Z"
|
|
1017
1017
|
},
|
|
1018
1018
|
{
|
|
1019
1019
|
"name": "identity-assurance",
|
|
@@ -1080,7 +1080,7 @@
|
|
|
1080
1080
|
"d3fend_refs": [],
|
|
1081
1081
|
"last_threat_review": "2026-05-11",
|
|
1082
1082
|
"signature": "Wv5hGMeHjlaQK1zwicVCA7AvdKgJBgvcjdpGM9Ywahh9tagAKhbkOjybowDQZzu7OZ3bDkbh6pBYc1Sdwr6NAA==",
|
|
1083
|
-
"signed_at": "2026-05-
|
|
1083
|
+
"signed_at": "2026-05-24T15:26:02.686Z"
|
|
1084
1084
|
},
|
|
1085
1085
|
{
|
|
1086
1086
|
"name": "ot-ics-security",
|
|
@@ -1136,7 +1136,7 @@
|
|
|
1136
1136
|
"d3fend_refs": [],
|
|
1137
1137
|
"last_threat_review": "2026-05-11",
|
|
1138
1138
|
"signature": "8t5qKHd3yWi57dvG36YQkLN/X9bQWqtEiYjay4IfSmqhJpM/xXPaQVKNGz3wscrO8OLKUZ0OaX7Mj5kzpgBKBQ==",
|
|
1139
|
-
"signed_at": "2026-05-
|
|
1139
|
+
"signed_at": "2026-05-24T15:26:02.686Z"
|
|
1140
1140
|
},
|
|
1141
1141
|
{
|
|
1142
1142
|
"name": "coordinated-vuln-disclosure",
|
|
@@ -1188,7 +1188,7 @@
|
|
|
1188
1188
|
"NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
|
|
1189
1189
|
],
|
|
1190
1190
|
"signature": "GDGt4UPqBa04PjlpSmpyihGzd3OgfBN7jaAK5tfwp+LRSs3ygKOdbeivUCCHNagTY1hE6hG2Ou40ADfBFuXeAg==",
|
|
1191
|
-
"signed_at": "2026-05-
|
|
1191
|
+
"signed_at": "2026-05-24T15:26:02.687Z"
|
|
1192
1192
|
},
|
|
1193
1193
|
{
|
|
1194
1194
|
"name": "threat-modeling-methodology",
|
|
@@ -1238,7 +1238,7 @@
|
|
|
1238
1238
|
"PASTA v2 updates incorporating AI/ML application threats"
|
|
1239
1239
|
],
|
|
1240
1240
|
"signature": "rFBpOQEJUPpl+v88Lw/WqVJRhTl80vy0VbPAbzQj3Q0suJRRrJg368I9uKu5LXIBKFDvKxnGIcIzbGg9NUtaCA==",
|
|
1241
|
-
"signed_at": "2026-05-
|
|
1241
|
+
"signed_at": "2026-05-24T15:26:02.687Z"
|
|
1242
1242
|
},
|
|
1243
1243
|
{
|
|
1244
1244
|
"name": "webapp-security",
|
|
@@ -1312,7 +1312,7 @@
|
|
|
1312
1312
|
"d3fend_refs": [],
|
|
1313
1313
|
"last_threat_review": "2026-05-11",
|
|
1314
1314
|
"signature": "ux85YI4t2mVHOyt744Yin1HHy+z11JIFygjKfFfQOBBl5QVV3A267jeIy7utix85irMcpZm/T3yx/ooqiK2tBA==",
|
|
1315
|
-
"signed_at": "2026-05-
|
|
1315
|
+
"signed_at": "2026-05-24T15:26:02.687Z"
|
|
1316
1316
|
},
|
|
1317
1317
|
{
|
|
1318
1318
|
"name": "ai-risk-management",
|
|
@@ -1362,7 +1362,7 @@
|
|
|
1362
1362
|
"d3fend_refs": [],
|
|
1363
1363
|
"last_threat_review": "2026-05-11",
|
|
1364
1364
|
"signature": "IIXnkZ5ZNqFwOto5KfytADTLLZLoyXNZACD1ORZ40P1HUAQxe6u2uyXFzzsfuob4Uy06jNkRGr2FFgCphUH1Cw==",
|
|
1365
|
-
"signed_at": "2026-05-
|
|
1365
|
+
"signed_at": "2026-05-24T15:26:02.688Z"
|
|
1366
1366
|
},
|
|
1367
1367
|
{
|
|
1368
1368
|
"name": "sector-healthcare",
|
|
@@ -1422,7 +1422,7 @@
|
|
|
1422
1422
|
"d3fend_refs": [],
|
|
1423
1423
|
"last_threat_review": "2026-05-11",
|
|
1424
1424
|
"signature": "AhF9KF8ZBlDteciV+F8IBSmFVYCvQOn44GmD4rZjgLoPxfIv/QE1/vSkK32zyqDKtHWkLSXExbkkPkxA/V6dDw==",
|
|
1425
|
-
"signed_at": "2026-05-
|
|
1425
|
+
"signed_at": "2026-05-24T15:26:02.688Z"
|
|
1426
1426
|
},
|
|
1427
1427
|
{
|
|
1428
1428
|
"name": "sector-financial",
|
|
@@ -1503,7 +1503,7 @@
|
|
|
1503
1503
|
"TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
|
|
1504
1504
|
],
|
|
1505
1505
|
"signature": "HQgZvb4ReziEz5rNFr8i/O8/rJEZR+iHRROT7m/D2QUqhrcNISPkYXENsUZlG8xapzy/Ik92ehkseyj4hdmhCQ==",
|
|
1506
|
-
"signed_at": "2026-05-
|
|
1506
|
+
"signed_at": "2026-05-24T15:26:02.688Z"
|
|
1507
1507
|
},
|
|
1508
1508
|
{
|
|
1509
1509
|
"name": "sector-federal-government",
|
|
@@ -1572,7 +1572,7 @@
|
|
|
1572
1572
|
"Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
|
|
1573
1573
|
],
|
|
1574
1574
|
"signature": "linxmsXZiOYtcs71sSWgGCrvb8xQfmxmtTY5PRvZJ0/8FgJulo0tQtejzexYG775s7XhjAmGsDP238BQTQ8ADA==",
|
|
1575
|
-
"signed_at": "2026-05-
|
|
1575
|
+
"signed_at": "2026-05-24T15:26:02.689Z"
|
|
1576
1576
|
},
|
|
1577
1577
|
{
|
|
1578
1578
|
"name": "sector-energy",
|
|
@@ -1637,7 +1637,7 @@
|
|
|
1637
1637
|
"ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
|
|
1638
1638
|
],
|
|
1639
1639
|
"signature": "JjBfc0ovta560Clk0x3QGRM5osFJDwcvpy3rT7QEGdCIL827jzE8QCow1C8deXq+4JhY2sA/d7/8IsxikdlkCg==",
|
|
1640
|
-
"signed_at": "2026-05-
|
|
1640
|
+
"signed_at": "2026-05-24T15:26:02.689Z"
|
|
1641
1641
|
},
|
|
1642
1642
|
{
|
|
1643
1643
|
"name": "sector-telecom",
|
|
@@ -1723,7 +1723,7 @@
|
|
|
1723
1723
|
"O-RAN SFG / WG11 security specifications"
|
|
1724
1724
|
],
|
|
1725
1725
|
"signature": "JWVxKFoKrbX4d+Tko1d4OBdwyg25MfFFKn4CT6E/CzH+YwnU3T6Y76uBQIKg3+gIGTvPduqyvQwQQ5FxKDuPBw==",
|
|
1726
|
-
"signed_at": "2026-05-
|
|
1726
|
+
"signed_at": "2026-05-24T15:26:02.689Z"
|
|
1727
1727
|
},
|
|
1728
1728
|
{
|
|
1729
1729
|
"name": "api-security",
|
|
@@ -1792,7 +1792,7 @@
|
|
|
1792
1792
|
"d3fend_refs": [],
|
|
1793
1793
|
"last_threat_review": "2026-05-11",
|
|
1794
1794
|
"signature": "BmCRCestWqr55+fCynEhtAl5NWLT+xLTkpwS0Icp3SaoZOw/ce3Y6TtqjHRSKn4CBJq7YDiLRWxmhO3MStvOAA==",
|
|
1795
|
-
"signed_at": "2026-05-
|
|
1795
|
+
"signed_at": "2026-05-24T15:26:02.690Z"
|
|
1796
1796
|
},
|
|
1797
1797
|
{
|
|
1798
1798
|
"name": "cloud-security",
|
|
@@ -1873,7 +1873,7 @@
|
|
|
1873
1873
|
"CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
|
|
1874
1874
|
],
|
|
1875
1875
|
"signature": "/DV3pmZwrRySrk1OCbyI+0BQESacjupJfUX3eC2NGtXuYOBro0vndIP+z27heFxumnjU3a9sfla7/U9X+pqnDw==",
|
|
1876
|
-
"signed_at": "2026-05-
|
|
1876
|
+
"signed_at": "2026-05-24T15:26:02.690Z"
|
|
1877
1877
|
},
|
|
1878
1878
|
{
|
|
1879
1879
|
"name": "container-runtime-security",
|
|
@@ -1935,7 +1935,7 @@
|
|
|
1935
1935
|
"d3fend_refs": [],
|
|
1936
1936
|
"last_threat_review": "2026-05-11",
|
|
1937
1937
|
"signature": "E2UGSf9ATyYgzBr8uM/0ubOUmDqo1jVA7f9mVxv6LHfWGCNuQNXDyuNou9VAmUCeeXEeUYIi3AFjXkJqpOkxDA==",
|
|
1938
|
-
"signed_at": "2026-05-
|
|
1938
|
+
"signed_at": "2026-05-24T15:26:02.690Z"
|
|
1939
1939
|
},
|
|
1940
1940
|
{
|
|
1941
1941
|
"name": "mlops-security",
|
|
@@ -2003,10 +2003,10 @@
|
|
|
2003
2003
|
"OpenSSF model-signing emergence to v1.0 — Sigstore-based model-weight signing; track for production adoption and admission-control integration",
|
|
2004
2004
|
"SLSA v1.1 ML profile (draft) — model-provenance extension for training-run attestation chains; track ID and section changes",
|
|
2005
2005
|
"EU AI Act high-risk technical-file implementing acts (2026-2027) — operational requirements for Article 10 / 13 / 15 documentation may pin ML-BOM or model-signing",
|
|
2006
|
-
"MITRE ATLAS v5.6.0 (released
|
|
2006
|
+
"MITRE ATLAS v5.6.0 (released May 2026) shipped the AML.T0010 sub-technique expansion this forecast tracked plus new techniques (\"Publish Poisoned AI Agent Tool\", \"Escape to Host\"); inventory now 16 tactics, 84 techniques, 56 sub-techniques. Forward watch: subsequent ATLAS minor and major releases — track next-cadence updates to agentic-AI TTPs and MLOps-pipeline-specific techniques"
|
|
2007
2007
|
],
|
|
2008
2008
|
"signature": "IL+DlRCDJN/p08iiJCFkasKcoyjcB0uWrJ6ORLjQcS1HrUa5Xt62QxVjYPHzaevlm5y36ZdmfESqsZJmzK3lCg==",
|
|
2009
|
-
"signed_at": "2026-05-
|
|
2009
|
+
"signed_at": "2026-05-24T15:26:02.691Z"
|
|
2010
2010
|
},
|
|
2011
2011
|
{
|
|
2012
2012
|
"name": "incident-response-playbook",
|
|
@@ -2068,7 +2068,7 @@
|
|
|
2068
2068
|
"NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
|
|
2069
2069
|
],
|
|
2070
2070
|
"signature": "MmjLjlmOMLjhJJ4ZfR8MYlHam+ZB+eSqfh6Nv+DecaG4O5zeo9DBP/iL3cbyDVZxmhnhivgJild2ccYeWTeZAg==",
|
|
2071
|
-
"signed_at": "2026-05-
|
|
2071
|
+
"signed_at": "2026-05-24T15:26:02.691Z"
|
|
2072
2072
|
},
|
|
2073
2073
|
{
|
|
2074
2074
|
"name": "ransomware-response",
|
|
@@ -2148,7 +2148,7 @@
|
|
|
2148
2148
|
],
|
|
2149
2149
|
"last_threat_review": "2026-05-15",
|
|
2150
2150
|
"signature": "ssueL03g9fWlhXpTe+IiY5l7RqQkunN4DTN5QETKE+VOX+qggdjAR8PONxk77ol4xWYmHrM/VcH8CNtXUEvgBA==",
|
|
2151
|
-
"signed_at": "2026-05-
|
|
2151
|
+
"signed_at": "2026-05-24T15:26:02.691Z"
|
|
2152
2152
|
},
|
|
2153
2153
|
{
|
|
2154
2154
|
"name": "email-security-anti-phishing",
|
|
@@ -2201,7 +2201,7 @@
|
|
|
2201
2201
|
"d3fend_refs": [],
|
|
2202
2202
|
"last_threat_review": "2026-05-11",
|
|
2203
2203
|
"signature": "rK+WnuS+9tqEABmwc0jO/PEmxcLjG1/tmUb897HsClQeKzf+TQOlwBE+OsbtuKxpjYNwur62Xxs3TxObkwm8Cw==",
|
|
2204
|
-
"signed_at": "2026-05-
|
|
2204
|
+
"signed_at": "2026-05-24T15:26:02.692Z"
|
|
2205
2205
|
},
|
|
2206
2206
|
{
|
|
2207
2207
|
"name": "age-gates-child-safety",
|
|
@@ -2269,7 +2269,7 @@
|
|
|
2269
2269
|
"US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
|
|
2270
2270
|
],
|
|
2271
2271
|
"signature": "+OO0RhQ303RJV7kaH38IuZpLeQbapep6Ds4Re/WEZu0FHBwKSlwvF7jbtP7KQ57xldJYn/xZm2jaszyOacMfDg==",
|
|
2272
|
-
"signed_at": "2026-05-
|
|
2272
|
+
"signed_at": "2026-05-24T15:26:02.692Z"
|
|
2273
2273
|
},
|
|
2274
2274
|
{
|
|
2275
2275
|
"name": "cloud-iam-incident",
|
|
@@ -2349,7 +2349,7 @@
|
|
|
2349
2349
|
],
|
|
2350
2350
|
"last_threat_review": "2026-05-15",
|
|
2351
2351
|
"signature": "e/kij7GtKaytROyIj7V5RH+FC9WtmVFzrmG2kIlNDNn29ep/CRNlIQKwXLpzo/81AIf634pmdr1qy/+vwIuUDA==",
|
|
2352
|
-
"signed_at": "2026-05-
|
|
2352
|
+
"signed_at": "2026-05-24T15:26:02.692Z"
|
|
2353
2353
|
},
|
|
2354
2354
|
{
|
|
2355
2355
|
"name": "idp-incident-response",
|
|
@@ -2430,11 +2430,11 @@
|
|
|
2430
2430
|
],
|
|
2431
2431
|
"last_threat_review": "2026-05-15",
|
|
2432
2432
|
"signature": "ew9Kglc9fAZzbn0ZIfGP7WSK/j4eV2VhSvpy+s5bEfNEVYIMa2kZjnGBapgUsyGDLes9H9K2ovjQyX17+GKiBw==",
|
|
2433
|
-
"signed_at": "2026-05-
|
|
2433
|
+
"signed_at": "2026-05-24T15:26:02.693Z"
|
|
2434
2434
|
}
|
|
2435
2435
|
],
|
|
2436
2436
|
"manifest_signature": {
|
|
2437
2437
|
"algorithm": "Ed25519",
|
|
2438
|
-
"signature_base64": "
|
|
2438
|
+
"signature_base64": "Et2lPOBPBHY5gLfdlVz4FGr6aKjR/fAYhizxRPh0x3XcvecrTcUx2+ha8EgkPmhhA6avKBxloYXKrbr4xvpnCQ=="
|
|
2439
2439
|
}
|
|
2440
2440
|
}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@blamejs/exceptd-skills",
|
|
3
|
-
"version": "0.13.
|
|
4
|
-
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills,
|
|
3
|
+
"version": "0.13.63",
|
|
4
|
+
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 11 catalogs (312 CVEs / 171 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 7476 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"ai-security",
|
|
7
7
|
"ai-skills",
|
package/sbom.cdx.json
CHANGED
|
@@ -1,23 +1,23 @@
|
|
|
1
1
|
{
|
|
2
2
|
"bomFormat": "CycloneDX",
|
|
3
3
|
"specVersion": "1.6",
|
|
4
|
-
"serialNumber": "urn:uuid:
|
|
4
|
+
"serialNumber": "urn:uuid:35e13dc7-91ee-4f61-bce1-a1187f70406d",
|
|
5
5
|
"version": 1,
|
|
6
6
|
"metadata": {
|
|
7
|
-
"timestamp": "
|
|
7
|
+
"timestamp": "2054-08-24T10:17:43.000Z",
|
|
8
8
|
"tools": [
|
|
9
9
|
{
|
|
10
10
|
"vendor": "blamejs",
|
|
11
11
|
"name": "scripts/refresh-sbom.js",
|
|
12
|
-
"version": "0.13.
|
|
12
|
+
"version": "0.13.63"
|
|
13
13
|
}
|
|
14
14
|
],
|
|
15
15
|
"component": {
|
|
16
|
-
"bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.13.
|
|
16
|
+
"bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.13.63",
|
|
17
17
|
"type": "application",
|
|
18
18
|
"name": "@blamejs/exceptd-skills",
|
|
19
|
-
"version": "0.13.
|
|
20
|
-
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills,
|
|
19
|
+
"version": "0.13.63",
|
|
20
|
+
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 11 catalogs (312 CVEs / 171 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 7476 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
|
|
21
21
|
"licenses": [
|
|
22
22
|
{
|
|
23
23
|
"license": {
|
|
@@ -25,17 +25,17 @@
|
|
|
25
25
|
}
|
|
26
26
|
}
|
|
27
27
|
],
|
|
28
|
-
"purl": "pkg:npm/%40blamejs/exceptd-skills@0.13.
|
|
28
|
+
"purl": "pkg:npm/%40blamejs/exceptd-skills@0.13.63",
|
|
29
29
|
"hashes": [
|
|
30
30
|
{
|
|
31
31
|
"alg": "SHA-256",
|
|
32
|
-
"content": "
|
|
32
|
+
"content": "39aa4e01292c0582b31a9b73c8367754e6abb8bc5dd6686a68671c2a3149bf55"
|
|
33
33
|
}
|
|
34
34
|
],
|
|
35
35
|
"externalReferences": [
|
|
36
36
|
{
|
|
37
37
|
"type": "distribution",
|
|
38
|
-
"url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.13.
|
|
38
|
+
"url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.13.63"
|
|
39
39
|
},
|
|
40
40
|
{
|
|
41
41
|
"type": "vcs",
|
|
@@ -116,11 +116,11 @@
|
|
|
116
116
|
"hashes": [
|
|
117
117
|
{
|
|
118
118
|
"alg": "SHA-256",
|
|
119
|
-
"content": "
|
|
119
|
+
"content": "354c4ce635f1297f98d9529d637b4b4ff4bdf507ed621346b52ce894922e0ead"
|
|
120
120
|
},
|
|
121
121
|
{
|
|
122
122
|
"alg": "SHA3-512",
|
|
123
|
-
"content": "
|
|
123
|
+
"content": "cea1412c91b608151c20d4bf85a381d6bcbb86cecbfe1358b108af2a759204f2b0171f3a94867791b785be9d7d2614a41d5de534770762fd3c81935a9bcc64a2"
|
|
124
124
|
}
|
|
125
125
|
]
|
|
126
126
|
},
|
|
@@ -296,11 +296,11 @@
|
|
|
296
296
|
"hashes": [
|
|
297
297
|
{
|
|
298
298
|
"alg": "SHA-256",
|
|
299
|
-
"content": "
|
|
299
|
+
"content": "019f12d24dc45ef8f5ae8812dec7c31a9506429a94751aaa559890a007ec6b22"
|
|
300
300
|
},
|
|
301
301
|
{
|
|
302
302
|
"alg": "SHA3-512",
|
|
303
|
-
"content": "
|
|
303
|
+
"content": "d0429743b5a07dd04aaf02939ab95d9ca830081794ad2181c3a1f2051a161b5f566f3833fedc0d17e3da4dc8c5c76199e7168506d0aa3ede88fc89c685d2d71d"
|
|
304
304
|
}
|
|
305
305
|
]
|
|
306
306
|
},
|
|
@@ -401,11 +401,11 @@
|
|
|
401
401
|
"hashes": [
|
|
402
402
|
{
|
|
403
403
|
"alg": "SHA-256",
|
|
404
|
-
"content": "
|
|
404
|
+
"content": "2f6147edef1cdec29ae755ec42021038145a702d908a1d5cf0a42e2484cbc786"
|
|
405
405
|
},
|
|
406
406
|
{
|
|
407
407
|
"alg": "SHA3-512",
|
|
408
|
-
"content": "
|
|
408
|
+
"content": "720db4c5e625812ac1f9724a17e7cee2b4bca508156570d4eff74bef216d305e9a0c903f24f0ccd3180f751d00f5cf57ef8c45acfa87f389c0691872e3260814"
|
|
409
409
|
}
|
|
410
410
|
]
|
|
411
411
|
},
|
|
@@ -1661,11 +1661,11 @@
|
|
|
1661
1661
|
"hashes": [
|
|
1662
1662
|
{
|
|
1663
1663
|
"alg": "SHA-256",
|
|
1664
|
-
"content": "
|
|
1664
|
+
"content": "3be89a674691acd2ea97c62841b563b53f76cf22d1350f4b395f1259d684986b"
|
|
1665
1665
|
},
|
|
1666
1666
|
{
|
|
1667
1667
|
"alg": "SHA3-512",
|
|
1668
|
-
"content": "
|
|
1668
|
+
"content": "00e4dd816a2363fb0a0f07fe406aab4d3106d38c1dce4afb4f0b93311a43390ddce6a74339a38e81feb399683d533f2e13a6b5030e2b2acab638ca9061833df3"
|
|
1669
1669
|
}
|
|
1670
1670
|
]
|
|
1671
1671
|
},
|
|
@@ -1886,11 +1886,11 @@
|
|
|
1886
1886
|
"hashes": [
|
|
1887
1887
|
{
|
|
1888
1888
|
"alg": "SHA-256",
|
|
1889
|
-
"content": "
|
|
1889
|
+
"content": "6fa25dc8fa8d9743bab2f7ec04c5f793ee9fa21eba3bdfb7bfc153e8ac9a32ab"
|
|
1890
1890
|
},
|
|
1891
1891
|
{
|
|
1892
1892
|
"alg": "SHA3-512",
|
|
1893
|
-
"content": "
|
|
1893
|
+
"content": "df8845265c271180506628db9c2625ad284744719bc2c09991e32c77b0925f595b58bf49dab58c321703f310672eed33abc7475b5ea5955793cb707c0798996e"
|
|
1894
1894
|
}
|
|
1895
1895
|
]
|
|
1896
1896
|
},
|
|
@@ -2831,11 +2831,11 @@
|
|
|
2831
2831
|
"hashes": [
|
|
2832
2832
|
{
|
|
2833
2833
|
"alg": "SHA-256",
|
|
2834
|
-
"content": "
|
|
2834
|
+
"content": "0f55168c5cbcf8f8ad2760e7f782ca171a1a82a1f92c5123cb3c80d769386c7a"
|
|
2835
2835
|
},
|
|
2836
2836
|
{
|
|
2837
2837
|
"alg": "SHA3-512",
|
|
2838
|
-
"content": "
|
|
2838
|
+
"content": "2808a09b0e7c16a0802d1b02de7d3e80c45229dddcbb97bae2fc2194ccca784097883b18a04207c0f0b2e1b54ef599e224f7fdb3cc74d34df0a29a7060921bb3"
|
|
2839
2839
|
}
|
|
2840
2840
|
]
|
|
2841
2841
|
},
|
|
@@ -18,7 +18,7 @@ const path = require("path");
|
|
|
18
18
|
const CATALOG_PURPOSES = {
|
|
19
19
|
"cve-catalog.json": "Per-CVE record (CVSS, EPSS, CISA KEV, RWEP, AI-discovery, vendor advisories, framework gaps, ATLAS/ATT&CK mappings). Cross-validated against NVD + CISA KEV + FIRST EPSS via validate-cves.",
|
|
20
20
|
"cwe-catalog.json": "MITRE CWE entries used by the project (subset with skill citations), with severity hint and category. Pinned to a CWE catalog version.",
|
|
21
|
-
"atlas-ttps.json": "MITRE ATLAS TTPs (AML.T0xxx) cited by skills, with tactic, name, description. Pinned to ATLAS v5.6.0 (
|
|
21
|
+
"atlas-ttps.json": "MITRE ATLAS TTPs (AML.T0xxx) cited by skills, with tactic, name, description. Pinned to ATLAS v5.6.0 (May 2026).",
|
|
22
22
|
"d3fend-catalog.json": "MITRE D3FEND countermeasures (D3-xxx) keyed by id, with tactic + name. Pinned to D3FEND v1.0.0 release.",
|
|
23
23
|
"framework-control-gaps.json": "Per-control framework gap declarations: SI-2, A.8.8, PCI 6.3.3, etc. Each entry names the control, the lag, the evidence CVE, and remediation guidance.",
|
|
24
24
|
"global-frameworks.json": "Multi-jurisdiction framework registry: 35 jurisdictions × applicable frameworks × patch_sla / notification_sla / critical_controls / framework_gaps. Cross-cutting authority for jurisdiction-clocks index.",
|
|
@@ -55,7 +55,7 @@ The researcher skill sits between raw input and the specialized analytical skill
|
|
|
55
55
|
- **SesameOp campaign report.** Operator asks: "we are seeing strange Azure OpenAI calls from a finance host — is this anything?" Researcher recognizes the AI-as-C2 pattern from `data/zeroday-lessons.json`, maps to AML.T0096, routes to `ai-c2-detection`.
|
|
56
56
|
- **NIST 800-53 Rev. 6 draft published.** Operator asks: "does our gap analysis change?" Researcher routes to `skill-update-loop` for currency review, then to `framework-gap-analysis` for the specific control deltas.
|
|
57
57
|
|
|
58
|
-
Without this skill, the operator either has to know the full inventory of
|
|
58
|
+
Without this skill, the operator either has to know the full inventory of 41 specialized skills downstream of the researcher (researcher itself is the 42nd) and pick the right one (cognitive load that does not scale) or default to a single catch-all skill (which produces shallow output). The researcher skill is the routing layer that makes the rest of the library usable under operational pressure.
|
|
59
59
|
|
|
60
60
|
---
|
|
61
61
|
|
|
@@ -75,7 +75,7 @@ No compliance framework prescribes a research-and-route step between intake and
|
|
|
75
75
|
| SOC 2 | CC7.3 (Incident detection) | Requires incident detection and response procedures. Generic; does not require routing logic against a specialized analytical inventory. |
|
|
76
76
|
| CIS Controls v8 | 17 (Incident Response Management) | Plan, train, test. No structured triage layer specified. |
|
|
77
77
|
|
|
78
|
-
The framework lag here is structural: every framework assumes a generic incident handling pipeline. None assume the org has a curated inventory of
|
|
78
|
+
The framework lag here is structural: every framework assumes a generic incident handling pipeline. None assume the org has a curated inventory of 41 specialized analytical procedures and needs a router. The researcher skill is the routing layer the frameworks do not describe.
|
|
79
79
|
|
|
80
80
|
---
|
|
81
81
|
|