@blamejs/exceptd-skills 0.13.63 → 0.13.65

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (29) hide show
  1. package/ARCHITECTURE.md +2 -2
  2. package/CHANGELOG.md +8 -0
  3. package/CONTEXT.md +2 -2
  4. package/README.md +2 -2
  5. package/data/_indexes/_meta.json +14 -14
  6. package/data/_indexes/activity-feed.json +157 -157
  7. package/data/_indexes/catalog-summaries.json +2 -2
  8. package/data/_indexes/currency.json +46 -46
  9. package/data/_indexes/handoff-dag.json +9 -5
  10. package/data/_indexes/section-offsets.json +64 -64
  11. package/data/_indexes/summary-cards.json +23 -23
  12. package/data/_indexes/token-budget.json +54 -54
  13. package/data/cwe-catalog.json +2 -2
  14. package/data/d3fend-catalog.json +2 -2
  15. package/manifest.json +184 -93
  16. package/package.json +1 -1
  17. package/sbom.cdx.json +59 -44
  18. package/scripts/audit-cross-skill.js +6 -1
  19. package/scripts/builders/catalog-summaries.js +2 -2
  20. package/scripts/sync-manifest-metadata.js +88 -0
  21. package/skills/age-gates-child-safety/skill.md +1 -1
  22. package/skills/ai-attack-surface/skill.md +1 -1
  23. package/skills/ai-c2-detection/skill.md +1 -1
  24. package/skills/attack-surface-pentest/skill.md +1 -1
  25. package/skills/defensive-countermeasure-mapping/skill.md +2 -2
  26. package/skills/dlp-gap-analysis/skill.md +1 -1
  27. package/skills/mcp-agent-trust/skill.md +1 -1
  28. package/skills/rag-pipeline-security/skill.md +1 -1
  29. package/skills/researcher/skill.md +4 -0
package/data/_indexes/summary-cards.json CHANGED
@@ -49,7 +49,7 @@
49
49
  "cwe_count": 5,
50
50
  "d3fend_count": 4,
51
51
  "rfc_count": 3,
52
- "last_threat_review": "2026-05-01",
52
+ "last_threat_review": "2026-05-15",
53
53
  "path": "skills/kernel-lpe-triage/skill.md",
54
54
  "handoff_targets": [
55
55
  "attack-surface-pentest",
@@ -109,7 +109,7 @@
109
109
  "cwe_count": 3,
110
110
  "d3fend_count": 2,
111
111
  "rfc_count": 0,
112
- "last_threat_review": "2026-05-01",
112
+ "last_threat_review": "2026-05-17",
113
113
  "path": "skills/ai-attack-surface/skill.md",
114
114
  "handoff_targets": []
115
115
  },
@@ -172,7 +172,7 @@
172
172
  "cwe_count": 8,
173
173
  "d3fend_count": 5,
174
174
  "rfc_count": 7,
175
- "last_threat_review": "2026-05-01",
175
+ "last_threat_review": "2026-05-17",
176
176
  "path": "skills/mcp-agent-trust/skill.md",
177
177
  "handoff_targets": [
178
178
  "attack-surface-pentest",
@@ -202,7 +202,7 @@
202
202
  "cwe_count": 0,
203
203
  "d3fend_count": 0,
204
204
  "rfc_count": 0,
205
- "last_threat_review": "2026-05-01",
205
+ "last_threat_review": "2026-05-22",
206
206
  "path": "skills/framework-gap-analysis/skill.md",
207
207
  "handoff_targets": []
208
208
  },
@@ -231,7 +231,7 @@
231
231
  "cwe_count": 0,
232
232
  "d3fend_count": 0,
233
233
  "rfc_count": 0,
234
- "last_threat_review": "2026-05-01",
234
+ "last_threat_review": "2026-05-22",
235
235
  "path": "skills/compliance-theater/skill.md",
236
236
  "handoff_targets": []
237
237
  },
@@ -258,7 +258,7 @@
258
258
  "cwe_count": 0,
259
259
  "d3fend_count": 0,
260
260
  "rfc_count": 0,
261
- "last_threat_review": "2026-05-01",
261
+ "last_threat_review": "2026-05-18",
262
262
  "path": "skills/exploit-scoring/skill.md",
263
263
  "handoff_targets": []
264
264
  },
@@ -301,7 +301,7 @@
301
301
  "cwe_count": 2,
302
302
  "d3fend_count": 3,
303
303
  "rfc_count": 0,
304
- "last_threat_review": "2026-05-01",
304
+ "last_threat_review": "2026-05-22",
305
305
  "path": "skills/rag-pipeline-security/skill.md",
306
306
  "handoff_targets": [
307
307
  "ai-attack-surface",
@@ -358,7 +358,7 @@
358
358
  "cwe_count": 0,
359
359
  "d3fend_count": 7,
360
360
  "rfc_count": 6,
361
- "last_threat_review": "2026-05-01",
361
+ "last_threat_review": "2026-05-17",
362
362
  "path": "skills/ai-c2-detection/skill.md",
363
363
  "handoff_targets": [
364
364
  "attack-surface-pentest",
@@ -390,7 +390,7 @@
390
390
  "cwe_count": 1,
391
391
  "d3fend_count": 0,
392
392
  "rfc_count": 0,
393
- "last_threat_review": "2026-05-01",
393
+ "last_threat_review": "2026-05-22",
394
394
  "path": "skills/policy-exception-gen/skill.md",
395
395
  "handoff_targets": []
396
396
  },
@@ -414,7 +414,7 @@
414
414
  "cwe_count": 0,
415
415
  "d3fend_count": 0,
416
416
  "rfc_count": 0,
417
- "last_threat_review": "2026-05-01",
417
+ "last_threat_review": "2026-05-18",
418
418
  "path": "skills/threat-model-currency/skill.md",
419
419
  "handoff_targets": []
420
420
  },
@@ -462,7 +462,7 @@
462
462
  "cwe_count": 0,
463
463
  "d3fend_count": 0,
464
464
  "rfc_count": 0,
465
- "last_threat_review": "2026-05-01",
465
+ "last_threat_review": "2026-05-18",
466
466
  "path": "skills/zeroday-gap-learn/skill.md",
467
467
  "handoff_targets": []
468
468
  },
@@ -503,7 +503,7 @@
503
503
  "cwe_count": 1,
504
504
  "d3fend_count": 2,
505
505
  "rfc_count": 8,
506
- "last_threat_review": "2026-05-01",
506
+ "last_threat_review": "2026-05-22",
507
507
  "path": "skills/pqc-first/skill.md",
508
508
  "handoff_targets": []
509
509
  },
@@ -527,7 +527,7 @@
527
527
  "cwe_count": 0,
528
528
  "d3fend_count": 0,
529
529
  "rfc_count": 0,
530
- "last_threat_review": "2026-05-01",
530
+ "last_threat_review": "2026-05-22",
531
531
  "path": "skills/skill-update-loop/skill.md",
532
532
  "handoff_targets": []
533
533
  },
@@ -726,7 +726,7 @@
726
726
  "cwe_count": 2,
727
727
  "d3fend_count": 5,
728
728
  "rfc_count": 2,
729
- "last_threat_review": "2026-05-11",
729
+ "last_threat_review": "2026-05-15",
730
730
  "path": "skills/dlp-gap-analysis/skill.md",
731
731
  "handoff_targets": []
732
732
  },
@@ -780,7 +780,7 @@
780
780
  "cwe_count": 5,
781
781
  "d3fend_count": 3,
782
782
  "rfc_count": 1,
783
- "last_threat_review": "2026-05-11",
783
+ "last_threat_review": "2026-05-15",
784
784
  "path": "skills/supply-chain-integrity/skill.md",
785
785
  "handoff_targets": []
786
786
  },
@@ -1115,7 +1115,7 @@
1115
1115
  "cwe_count": 2,
1116
1116
  "d3fend_count": 0,
1117
1117
  "rfc_count": 0,
1118
- "last_threat_review": "2026-05-11",
1118
+ "last_threat_review": "2026-05-15",
1119
1119
  "path": "skills/ai-risk-management/skill.md",
1120
1120
  "handoff_targets": [
1121
1121
  "ai-attack-surface",
@@ -1232,7 +1232,7 @@
1232
1232
  "cwe_count": 5,
1233
1233
  "d3fend_count": 0,
1234
1234
  "rfc_count": 4,
1235
- "last_threat_review": "2026-05-11",
1235
+ "last_threat_review": "2026-05-15",
1236
1236
  "path": "skills/sector-financial/skill.md",
1237
1237
  "handoff_targets": [
1238
1238
  "ai-attack-surface",
@@ -1455,7 +1455,7 @@
1455
1455
  "cwe_count": 9,
1456
1456
  "d3fend_count": 0,
1457
1457
  "rfc_count": 7,
1458
- "last_threat_review": "2026-05-11",
1458
+ "last_threat_review": "2026-05-18",
1459
1459
  "path": "skills/api-security/skill.md",
1460
1460
  "handoff_targets": [
1461
1461
  "ai-c2-detection",
@@ -1568,7 +1568,7 @@
1568
1568
  "cwe_count": 5,
1569
1569
  "d3fend_count": 0,
1570
1570
  "rfc_count": 2,
1571
- "last_threat_review": "2026-05-11",
1571
+ "last_threat_review": "2026-05-15",
1572
1572
  "path": "skills/container-runtime-security/skill.md",
1573
1573
  "handoff_targets": [
1574
1574
  "ai-attack-surface",
@@ -1632,7 +1632,7 @@
1632
1632
  "cwe_count": 4,
1633
1633
  "d3fend_count": 0,
1634
1634
  "rfc_count": 1,
1635
- "last_threat_review": "2026-05-11",
1635
+ "last_threat_review": "2026-05-22",
1636
1636
  "path": "skills/mlops-security/skill.md",
1637
1637
  "handoff_targets": [
1638
1638
  "ai-attack-surface",
@@ -1677,7 +1677,7 @@
1677
1677
  "cwe_count": 0,
1678
1678
  "d3fend_count": 0,
1679
1679
  "rfc_count": 0,
1680
- "last_threat_review": "2026-05-11",
1680
+ "last_threat_review": "2026-05-22",
1681
1681
  "path": "skills/incident-response-playbook/skill.md",
1682
1682
  "handoff_targets": [
1683
1683
  "ai-attack-surface",
@@ -1739,7 +1739,7 @@
1739
1739
  "cwe_count": 2,
1740
1740
  "d3fend_count": 4,
1741
1741
  "rfc_count": 0,
1742
- "last_threat_review": "2026-05-15",
1742
+ "last_threat_review": "2026-05-22",
1743
1743
  "path": "skills/ransomware-response/skill.md",
1744
1744
  "handoff_targets": [
1745
1745
  "compliance-theater",
@@ -1783,7 +1783,7 @@
1783
1783
  "cwe_count": 0,
1784
1784
  "d3fend_count": 0,
1785
1785
  "rfc_count": 0,
1786
- "last_threat_review": "2026-05-11",
1786
+ "last_threat_review": "2026-05-18",
1787
1787
  "path": "skills/email-security-anti-phishing/skill.md",
1788
1788
  "handoff_targets": [
1789
1789
  "ai-attack-surface",
package/data/_indexes/token-budget.json CHANGED
@@ -3,8 +3,8 @@
3
3
  "schema_version": "1.0.0",
4
4
  "tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
5
5
  "approx_chars_per_token": 4,
6
- "total_chars": 1671867,
7
- "total_approx_tokens": 417973,
6
+ "total_chars": 1672973,
7
+ "total_approx_tokens": 418252,
8
8
  "skill_count": 42
9
9
  },
10
10
  "skills": {
@@ -70,10 +70,10 @@
70
70
  },
71
71
  "ai-attack-surface": {
72
72
  "path": "skills/ai-attack-surface/skill.md",
73
- "bytes": 29677,
74
- "chars": 29601,
73
+ "bytes": 29679,
74
+ "chars": 29603,
75
75
  "lines": 337,
76
- "approx_tokens": 7400,
76
+ "approx_tokens": 7401,
77
77
  "approx_chars_per_token": 4,
78
78
  "sections": {
79
79
  "threat-context": {
@@ -107,8 +107,8 @@
107
107
  "approx_tokens": 422
108
108
  },
109
109
  "defensive-countermeasure-mapping": {
110
- "bytes": 3718,
111
- "chars": 3706,
110
+ "bytes": 3720,
111
+ "chars": 3708,
112
112
  "approx_tokens": 927
113
113
  },
114
114
  "compliance-theater-check": {
@@ -120,10 +120,10 @@
120
120
  },
121
121
  "mcp-agent-trust": {
122
122
  "path": "skills/mcp-agent-trust/skill.md",
123
- "bytes": 32105,
124
- "chars": 32013,
123
+ "bytes": 32107,
124
+ "chars": 32015,
125
125
  "lines": 380,
126
- "approx_tokens": 8003,
126
+ "approx_tokens": 8004,
127
127
  "approx_chars_per_token": 4,
128
128
  "sections": {
129
129
  "threat-context": {
@@ -162,8 +162,8 @@
162
162
  "approx_tokens": 608
163
163
  },
164
164
  "defensive-countermeasure-mapping": {
165
- "bytes": 4201,
166
- "chars": 4195,
165
+ "bytes": 4203,
166
+ "chars": 4197,
167
167
  "approx_tokens": 1049
168
168
  },
169
169
  "compliance-theater-check": {
@@ -365,10 +365,10 @@
365
365
  },
366
366
  "rag-pipeline-security": {
367
367
  "path": "skills/rag-pipeline-security/skill.md",
368
- "bytes": 31951,
369
- "chars": 31776,
368
+ "bytes": 31953,
369
+ "chars": 31778,
370
370
  "lines": 334,
371
- "approx_tokens": 7944,
371
+ "approx_tokens": 7945,
372
372
  "approx_chars_per_token": 4,
373
373
  "sections": {
374
374
  "threat-context": {
@@ -432,9 +432,9 @@
432
432
  "approx_tokens": 656
433
433
  },
434
434
  "defensive-countermeasure-mapping": {
435
- "bytes": 3879,
436
- "chars": 3857,
437
- "approx_tokens": 964
435
+ "bytes": 3881,
436
+ "chars": 3859,
437
+ "approx_tokens": 965
438
438
  },
439
439
  "compliance-theater-check": {
440
440
  "bytes": 644,
@@ -445,10 +445,10 @@
445
445
  },
446
446
  "ai-c2-detection": {
447
447
  "path": "skills/ai-c2-detection/skill.md",
448
- "bytes": 39771,
449
- "chars": 39617,
448
+ "bytes": 39773,
449
+ "chars": 39619,
450
450
  "lines": 488,
451
- "approx_tokens": 9904,
451
+ "approx_tokens": 9905,
452
452
  "approx_chars_per_token": 4,
453
453
  "sections": {
454
454
  "threat-context": {
@@ -492,8 +492,8 @@
492
492
  "approx_tokens": 1018
493
493
  },
494
494
  "defensive-countermeasure-mapping": {
495
- "bytes": 3942,
496
- "chars": 3930,
495
+ "bytes": 3944,
496
+ "chars": 3932,
497
497
  "approx_tokens": 983
498
498
  },
499
499
  "compliance-theater-check": {
@@ -1015,10 +1015,10 @@
1015
1015
  },
1016
1016
  "researcher": {
1017
1017
  "path": "skills/researcher/skill.md",
1018
- "bytes": 32800,
1019
- "chars": 32626,
1020
- "lines": 338,
1021
- "approx_tokens": 8157,
1018
+ "bytes": 33661,
1019
+ "chars": 33479,
1020
+ "lines": 342,
1021
+ "approx_tokens": 8370,
1022
1022
  "approx_chars_per_token": 4,
1023
1023
  "sections": {
1024
1024
  "frontmatter-scope": {
@@ -1047,9 +1047,9 @@
1047
1047
  "approx_tokens": 377
1048
1048
  },
1049
1049
  "analysis-procedure": {
1050
- "bytes": 13999,
1051
- "chars": 13871,
1052
- "approx_tokens": 3468
1050
+ "bytes": 14860,
1051
+ "chars": 14724,
1052
+ "approx_tokens": 3681
1053
1053
  },
1054
1054
  "output-format": {
1055
1055
  "bytes": 3163,
@@ -1070,8 +1070,8 @@
1070
1070
  },
1071
1071
  "attack-surface-pentest": {
1072
1072
  "path": "skills/attack-surface-pentest/skill.md",
1073
- "bytes": 33290,
1074
- "chars": 33147,
1073
+ "bytes": 33291,
1074
+ "chars": 33148,
1075
1075
  "lines": 388,
1076
1076
  "approx_tokens": 8287,
1077
1077
  "approx_chars_per_token": 4,
@@ -1112,9 +1112,9 @@
1112
1112
  "approx_tokens": 576
1113
1113
  },
1114
1114
  "defensive-countermeasure-mapping": {
1115
- "bytes": 1611,
1116
- "chars": 1609,
1117
- "approx_tokens": 402
1115
+ "bytes": 1612,
1116
+ "chars": 1610,
1117
+ "approx_tokens": 403
1118
1118
  }
1119
1119
  }
1120
1120
  },
@@ -1170,10 +1170,10 @@
1170
1170
  },
1171
1171
  "dlp-gap-analysis": {
1172
1172
  "path": "skills/dlp-gap-analysis/skill.md",
1173
- "bytes": 42409,
1174
- "chars": 42140,
1173
+ "bytes": 42411,
1174
+ "chars": 42142,
1175
1175
  "lines": 346,
1176
- "approx_tokens": 10535,
1176
+ "approx_tokens": 10536,
1177
1177
  "approx_chars_per_token": 4,
1178
1178
  "sections": {
1179
1179
  "threat-context": {
@@ -1212,8 +1212,8 @@
1212
1212
  "approx_tokens": 645
1213
1213
  },
1214
1214
  "defensive-countermeasure-mapping": {
1215
- "bytes": 3955,
1216
- "chars": 3903,
1215
+ "bytes": 3957,
1216
+ "chars": 3905,
1217
1217
  "approx_tokens": 976
1218
1218
  }
1219
1219
  }
@@ -1270,10 +1270,10 @@
1270
1270
  },
1271
1271
  "defensive-countermeasure-mapping": {
1272
1272
  "path": "skills/defensive-countermeasure-mapping/skill.md",
1273
- "bytes": 33463,
1274
- "chars": 33325,
1273
+ "bytes": 33707,
1274
+ "chars": 33565,
1275
1275
  "lines": 304,
1276
- "approx_tokens": 8331,
1276
+ "approx_tokens": 8391,
1277
1277
  "approx_chars_per_token": 4,
1278
1278
  "sections": {
1279
1279
  "threat-context": {
@@ -1282,9 +1282,9 @@
1282
1282
  "approx_tokens": 882
1283
1283
  },
1284
1284
  "framework-lag-declaration": {
1285
- "bytes": 4420,
1286
- "chars": 4404,
1287
- "approx_tokens": 1101
1285
+ "bytes": 4556,
1286
+ "chars": 4536,
1287
+ "approx_tokens": 1134
1288
1288
  },
1289
1289
  "ttp-mapping": {
1290
1290
  "bytes": 1957,
@@ -1312,9 +1312,9 @@
1312
1312
  "approx_tokens": 694
1313
1313
  },
1314
1314
  "defensive-countermeasure-mapping": {
1315
- "bytes": 3321,
1316
- "chars": 3295,
1317
- "approx_tokens": 824
1315
+ "bytes": 3429,
1316
+ "chars": 3403,
1317
+ "approx_tokens": 851
1318
1318
  }
1319
1319
  }
1320
1320
  },
@@ -2320,10 +2320,10 @@
2320
2320
  },
2321
2321
  "age-gates-child-safety": {
2322
2322
  "path": "skills/age-gates-child-safety/skill.md",
2323
- "bytes": 70471,
2324
- "chars": 70181,
2323
+ "bytes": 70473,
2324
+ "chars": 70183,
2325
2325
  "lines": 459,
2326
- "approx_tokens": 17545,
2326
+ "approx_tokens": 17546,
2327
2327
  "approx_chars_per_token": 4,
2328
2328
  "sections": {
2329
2329
  "threat-context": {
@@ -2362,8 +2362,8 @@
2362
2362
  "approx_tokens": 1517
2363
2363
  },
2364
2364
  "defensive-countermeasure-mapping": {
2365
- "bytes": 5142,
2366
- "chars": 5131,
2365
+ "bytes": 5144,
2366
+ "chars": 5133,
2367
2367
  "approx_tokens": 1283
2368
2368
  },
2369
2369
  "hand-off": {
package/data/cwe-catalog.json CHANGED
@@ -2,8 +2,8 @@
2
2
  "_meta": {
3
3
  "schema_version": "1.0.0",
4
4
  "last_updated": "2026-05-19",
5
- "cwe_version": "4.16",
6
- "cwe_version_release_date": "2024-11-19",
5
+ "cwe_version": "4.20",
6
+ "cwe_version_release_date": "2026-04-30",
7
7
  "source": "https://cwe.mitre.org",
8
8
  "view_general": "CWE View 1003 (Weaknesses for Simplified Mapping of Published Vulnerabilities)",
9
9
  "view_research": "CWE View 1000 (Research Concepts)",
package/data/d3fend-catalog.json CHANGED
@@ -2,8 +2,8 @@
2
2
  "_meta": {
3
3
  "schema_version": "1.0.0",
4
4
  "last_updated": "2026-05-19",
5
- "d3fend_version": "1.0.0",
6
- "d3fend_release_date": "2024-06-01",
5
+ "d3fend_version": "1.3.0",
6
+ "d3fend_release_date": "2025-12-16",
7
7
  "source": "https://d3fend.mitre.org",
8
8
  "skill_refs_field": "d3fend_refs",
9
9
  "complement_to": "atlas-ttps.json (offensive); D3FEND covers defensive countermeasures",