@blamejs/exceptd-skills 0.13.64 → 0.13.65

package/ARCHITECTURE.md

@@ -176,13 +176,13 @@ Tracks PoC status, weaponization stage, and AI-assist factor per CVE. Updated wh
 
 ### `data/cwe-catalog.json`
 
-55 CWE entries pinned to **CWE v4.17**. Covers the Top 25 Most Dangerous Software Weaknesses (2024 release) plus AI- and supply-chain-relevant weakness classes (prompt-injection-as-trust-boundary failure, training data integrity, dependency confusion, untrusted artifact ingestion). Each entry records root-cause description, common consequences, mitigation patterns, and the CVEs in `cve-catalog.json` that instantiate the weakness. Skills cite CWE IDs in `cwe_refs` to anchor a finding to a stable weakness taxonomy rather than to a single CVE; the CWE provides the durable root-cause lens that survives across exploit generations.
+171 CWE entries pinned to **CWE v4.20**. Covers the Top 25 Most Dangerous Software Weaknesses (2024 release) plus AI- and supply-chain-relevant weakness classes (prompt-injection-as-trust-boundary failure, training data integrity, dependency confusion, untrusted artifact ingestion). Each entry records root-cause description, common consequences, mitigation patterns, and the CVEs in `cve-catalog.json` that instantiate the weakness. Skills cite CWE IDs in `cwe_refs` to anchor a finding to a stable weakness taxonomy rather than to a single CVE; the CWE provides the durable root-cause lens that survives across exploit generations.
 
 `_meta.cwe_version` pins the version; on a CWE release, audit IDs for renames or deprecations, bump `last_threat_review` on affected skills, and update `_meta`.
 
 ### `data/d3fend-catalog.json`
 
-468 MITRE D3FEND defensive technique entries pinned to **D3FEND v1.0.0**. Each entry records the defensive technique ID (e.g., `D3-EAL` Executable Allowlisting), the tactic / artifact it defends, the offensive ATLAS / ATT&CK TTPs it counters, defense-in-depth layer position, least-privilege scope assumptions, zero-trust posture compatibility, and AI-pipeline applicability per Hard Rule #9. Skills cite D3FEND IDs in `d3fend_refs` to map offensive findings to a defensive countermeasure rather than to abstract control language. The `defensive-countermeasure-mapping` skill is the canonical consumer; any skill shipped on or after 2026-05-11 includes a Defensive Countermeasure Mapping section referencing this catalog.
+468 MITRE D3FEND defensive technique entries pinned to **D3FEND v1.3.0**. Each entry records the defensive technique ID (e.g., `D3-EAL` Executable Allowlisting), the tactic / artifact it defends, the offensive ATLAS / ATT&CK TTPs it counters, defense-in-depth layer position, least-privilege scope assumptions, zero-trust posture compatibility, and AI-pipeline applicability per Hard Rule #9. Skills cite D3FEND IDs in `d3fend_refs` to map offensive findings to a defensive countermeasure rather than to abstract control language. The `defensive-countermeasure-mapping` skill is the canonical consumer; any skill shipped on or after 2026-05-11 includes a Defensive Countermeasure Mapping section referencing this catalog.
 
 `_meta.d3fend_version` pins the version; D3FEND ontology additions are tracked in skill `forward_watch` fields.
 

package/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 0.13.65 — 2026-05-24
+
+Standards refresh: the MITRE D3FEND and CWE pins are brought current. D3FEND moves from v1.0.0 (June 2024) to v1.3.0 (December 2025) and CWE to 4.20 (April 2026) across the catalog `_meta`, operator docs, skill bodies, and the catalog-summary index. A breaking-change audit against both releases found no renamed or deprecated identifiers among the referenced techniques and weaknesses — D3FEND v1.0→v1.3 is additive, and CWE 4.16→4.20 deprecated nothing — so no skill mapping changed. Also corrected stale catalog counts in the architecture and context docs (CWE 55→171, D3FEND 28→468) and a skill that still cited D3FEND v0.10. A new guard fails the build if any D3FEND or CWE version mention diverges from the catalog pin.
+
 ## 0.13.64 — 2026-05-24
 
 Audit-tooling and metadata consistency. The jurisdiction count now has a single source of truth — it is computed from the framework registry (35: every non-metadata entry, including the international / multi-jurisdiction standards scope) rather than restated by hand in the catalog summary and the cross-skill audit, which had diverged to 34. The researcher routing table gained entries for four skills it previously could not reach: `sector-telecom`, `ransomware-response`, `cloud-iam-incident`, and `idp-incident-response`. The per-skill `forward_watch` and `last_threat_review` fields in the shipped manifest are now synchronized from each skill's frontmatter — 40 stale cached values were corrected, including a forecast note that still dated an ATLAS release to the wrong month — and a guard now fails the build if the manifest cache drifts from frontmatter again. The defensive-countermeasure-mapping skill cites the current MITRE Center for Threat-Informed Defense ATT&CK Mappings crosswalk version (v16.1) and notes that it lags the live ATT&CK v19.0 matrix.

package/CONTEXT.md

@@ -120,8 +120,8 @@ Skills and playbooks read from `data/`. Authoritative catalog inventory:
 | `exploit-availability.json` | 10 | Per-CVE PoC locations, weaponization stage, AI-acceleration factor, live-patch status |
 | `global-frameworks.json` | 35 jurisdictions | Patch SLAs and notification windows across global regulatory regimes |
 | `zeroday-lessons.json` | 10 | Learning-loop entries: zero-day → attack vector → control gap → framework gap → new control |
-| `cwe-catalog.json` | 55 | CWE v4.17 entries (Top 25 2024 plus AI- and supply-chain-relevant weaknesses) |
-| `d3fend-catalog.json` | 28 | MITRE D3FEND v1.0.0 defensive techniques for offensive → defensive mapping |
+| `cwe-catalog.json` | 171 | CWE v4.20 entries (Top 25 2024 plus AI- and supply-chain-relevant weaknesses) |
+| `d3fend-catalog.json` | 468 | MITRE D3FEND v1.3.0 defensive techniques for offensive → defensive mapping |
 | `rfc-references.json` | 31 | IETF RFC / Internet-Draft references with status, errata count, replaces / replaced-by, `last_verified` dates |
 | `dlp-controls.json` | 22 | DLP control entries indexed by channel, classifier, surface, enforcement mode, evidence type |
 | `playbooks/` | 13 | Playbook specifications (see above) |

package/README.md

@@ -552,8 +552,8 @@ All skills pull from `data/`. Cross-validated against canonical upstream sources
 - `exploit-availability.json` — PoC locations, weaponization status, AI-assist factor
 - `global-frameworks.json` — All major global compliance frameworks (35 jurisdictions) with control inventories and lag scores
 - `zeroday-lessons.json` — Zero-day → control gap → framework gap → new control requirement mappings
-- `cwe-catalog.json` — CWE entries pinned to CWE v4.17 (Top 25 + AI- / supply-chain-relevant additions)
-- `d3fend-catalog.json` — MITRE D3FEND defensive technique entries pinned to D3FEND v1.0.0
+- `cwe-catalog.json` — CWE entries pinned to CWE v4.20 (Top 25 + AI- / supply-chain-relevant additions)
+- `d3fend-catalog.json` — MITRE D3FEND defensive technique entries pinned to D3FEND v1.3.0
 - `rfc-references.json` — IETF RFC / Internet-Draft references with status, errata, replaces / replaced-by, `last_verified`
 - `dlp-controls.json` — DLP control entries indexed by channel / classifier / surface / enforcement / evidence
 

package/data/_indexes/_meta.json

@@ -1,15 +1,15 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-24T17:31:05.287Z",
+  "generated_at": "2026-05-24T18:06:30.702Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "7bef48dc556daf70b02e3816e1be1392c249559ea08c2365946cd215126d1d65",
+    "manifest.json": "3d668e206d800377a1ea731e226e36dd4b5aa02f4e608d07cdb87d323b5ad409",
     "data/atlas-ttps.json": "019f12d24dc45ef8f5ae8812dec7c31a9506429a94751aaa559890a007ec6b22",
     "data/attack-techniques.json": "49b6010b317edd219def135171ea8f3b1bbf1e00e9c5a08bf7237215ff54e2c3",
     "data/cve-catalog.json": "a09c83af3f9679a7ea73935726a1ff9de2cab94b4ab6321fc017fc147747d7c3",
-    "data/cwe-catalog.json": "c56e74b8c9290583b1d6fdd21b54bd65a254c58890c5f683379788ca7b080e9d",
-    "data/d3fend-catalog.json": "4271102f8c38999444bcd981c1cf5feb4ad09f8c0b1d9b79df3f1a82f4fb50f0",
+    "data/cwe-catalog.json": "4cb1193c4e20ddd3f480a7f421f28e3472b856b0c070761a0fe149a64c90fa8e",
+    "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
     "data/framework-control-gaps.json": "2f6147edef1cdec29ae755ec42021038145a702d908a1d5cf0a42e2484cbc786",
@@ -17,13 +17,13 @@
     "data/rfc-references.json": "926ea25892e052fc6a8b9952afc1d8e2bd06c4aec223a1a7aa79ef1dfd7b7bb5",
     "data/zeroday-lessons.json": "7242a7349ac79a74813bf2b7486b6000c0c877e71cec17e2d68df33bc4007b93",
     "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
-    "skills/ai-attack-surface/skill.md": "6ff82cd5e805a29b694a71ffbeba22e78966249da921706f3256fa4319e402fc",
-    "skills/mcp-agent-trust/skill.md": "bf3ded40e84443400c9bec8634e0d6a14c9633e569d8c2e26f9d5881f8e78dff",
+    "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
+    "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
     "skills/framework-gap-analysis/skill.md": "17249909697a9c61b71f6885a1f4888ab1e727909ddb487ed82aeef535884a4f",
     "skills/compliance-theater/skill.md": "d656444bb1987f43ae61374f210977d0c1f247f54d7318fdd639dd0cfdbef392",
     "skills/exploit-scoring/skill.md": "f55e9aa4985ebad8a2a12092c937deb6939a639dc1e16e2214ecfa1c9b9402c4",
-    "skills/rag-pipeline-security/skill.md": "d3ad18562a6083fb773347e24b6fcda2adcb68b4269e29df53b5afeb113cf7b0",
-    "skills/ai-c2-detection/skill.md": "524474483bdfa9614cf31276f16c0ec365a364e61e9ca6047c08621751539671",
+    "skills/rag-pipeline-security/skill.md": "792c6f48a7ff06785c24258cac1714068feafefb3f8f05e6c62ddce2f2f9128d",
+    "skills/ai-c2-detection/skill.md": "de83dc284dc4f85a8a383c0b715ec7b9ea127ec49c3227bf4c72344bad4008ed",
     "skills/policy-exception-gen/skill.md": "238074319b57399c75d76439ef1ff67153b5a3207adf1556f3ca1e68cfe7cfaa",
     "skills/threat-model-currency/skill.md": "4295c0efe31dcbec1a7bc96b8ce05d41414d918cbfc7fb7dffb2be7e4d873ae3",
     "skills/global-grc/skill.md": "57ca729034e9d33c527d869c1c4aa82fe37e496878a3cbcd9e5043cb62b7105d",
@@ -32,9 +32,9 @@
     "skills/skill-update-loop/skill.md": "f7cd18df293b90c0d2afb6ba8b87664419becea6b63221f03efaf09c69586025",
     "skills/security-maturity-tiers/skill.md": "2e46c9332a5a6190d4605ba7bc653410659be19fab50c78c0a6732f84ebdb300",
     "skills/researcher/skill.md": "dc8ceab8f69af370abb1165ed14ead6f3e9d236a8f703165eba52014ebfd43ab",
-    "skills/attack-surface-pentest/skill.md": "d6ea35136f93eb4aa75b65a5ae402353b0e2c63a83acece1606fe3f5d1ec6a8d",
+    "skills/attack-surface-pentest/skill.md": "6174a20b777a82c83941ef64d27e8c7e4091649358930ac1ba564a0ad4d9399f",
     "skills/fuzz-testing-strategy/skill.md": "86e7bf537e4313b932acaba6282a4514336066a740bdbee4e7cbea2d2ef05b54",
-    "skills/dlp-gap-analysis/skill.md": "b5183b5ea6fad6986500d7a04e83239a5fbf4272eaa6888b8be6420ce3d36ac5",
+    "skills/dlp-gap-analysis/skill.md": "d59a136aa6478b069975b2406c4e3be4b227273641b054852ebc6eedeebd3754",
     "skills/supply-chain-integrity/skill.md": "90e930ef5d4cc5a54653844098d3549c3760b1a4aba5c48db1bd4eb24bea8d1b",
     "skills/defensive-countermeasure-mapping/skill.md": "dd89c729e7bbfa3c9455dec9b986455dec3c720249c559d2195179a5cbbb2933",
     "skills/identity-assurance/skill.md": "f3c29ce17aaa426b65b58238e5bc9ccabcda23a8d350e597840e5d6d664aa102",
@@ -55,7 +55,7 @@
     "skills/incident-response-playbook/skill.md": "9c219de36c7d702dff8504a25e2f1b07459716ea2ed02f49d751f91dbeca1b01",
     "skills/ransomware-response/skill.md": "471b714c42717d43f81b2b582cd8e89ca8d3140de2ddc06cce15f012a0e19be1",
     "skills/email-security-anti-phishing/skill.md": "250f266908f51f99a4cb3aec0d5dacfcf91fac9f3d95e5a117429a40ed2ff45a",
-    "skills/age-gates-child-safety/skill.md": "b8fad37033ba955eee678950963e816b6c56fd34a953e5c81b3bdd4c12a8f69a",
+    "skills/age-gates-child-safety/skill.md": "639b79a2724415afe9e4469202f806e5bec022c0946c9496d4e17ed73aabbe21",
     "skills/cloud-iam-incident/skill.md": "5ec3800a0049b2123aff67bfab4ff28491a86d2daeb712283e5e88b10c3d5d7b",
     "skills/idp-incident-response/skill.md": "e67a2576e7f1c3bf89f499f5c977bc470ef29e8b3e3e45f4cb5bd45a82674282"
   },
@@ -78,7 +78,7 @@
     "handoff_dag_nodes": 42,
     "summary_cards": 42,
     "section_offsets_skills": 42,
-    "token_budget_total_approx": 418246,
+    "token_budget_total_approx": 418252,
     "recipes": 8,
     "jurisdiction_clocks": 29,
     "did_ladders": 8,

package/data/_indexes/catalog-summaries.json

@@ -95,7 +95,7 @@
     },
     "d3fend-catalog.json": {
       "path": "data/d3fend-catalog.json",
-      "purpose": "MITRE D3FEND countermeasures (D3-xxx) keyed by id, with tactic + name. Pinned to D3FEND v1.0.0 release.",
+      "purpose": "MITRE D3FEND countermeasures (D3-xxx) keyed by id, with tactic + name. Pinned to D3FEND v1.3.0 release.",
       "schema_version": "1.0.0",
       "last_updated": "2026-05-19",
       "tlp": "CLEAR",

package/data/_indexes/section-offsets.json

@@ -122,7 +122,7 @@
     },
     "ai-attack-surface": {
       "path": "skills/ai-attack-surface/skill.md",
-      "total_bytes": 29677,
+      "total_bytes": 29679,
       "total_lines": 337,
       "frontmatter": {
         "line_start": 1,
@@ -190,16 +190,16 @@
           "normalized_name": "defensive-countermeasure-mapping",
           "line": 310,
           "byte_start": 24873,
-          "byte_end": 28591,
-          "bytes": 3718,
+          "byte_end": 28593,
+          "bytes": 3720,
           "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
           "normalized_name": "compliance-theater-check",
           "line": 332,
-          "byte_start": 28591,
-          "byte_end": 29677,
+          "byte_start": 28593,
+          "byte_end": 29679,
           "bytes": 1086,
           "h3_count": 0
         }
@@ -207,7 +207,7 @@
     },
     "mcp-agent-trust": {
       "path": "skills/mcp-agent-trust/skill.md",
-      "total_bytes": 32105,
+      "total_bytes": 32107,
       "total_lines": 380,
       "frontmatter": {
         "line_start": 1,
@@ -284,16 +284,16 @@
           "normalized_name": "defensive-countermeasure-mapping",
           "line": 354,
           "byte_start": 27391,
-          "byte_end": 31592,
-          "bytes": 4201,
+          "byte_end": 31594,
+          "bytes": 4203,
           "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
           "normalized_name": "compliance-theater-check",
           "line": 377,
-          "byte_start": 31592,
-          "byte_end": 32105,
+          "byte_start": 31594,
+          "byte_end": 32107,
           "bytes": 513,
           "h3_count": 0
         }
@@ -628,7 +628,7 @@
     },
     "rag-pipeline-security": {
       "path": "skills/rag-pipeline-security/skill.md",
-      "total_bytes": 31951,
+      "total_bytes": 31953,
       "total_lines": 334,
       "frontmatter": {
         "line_start": 1,
@@ -750,16 +750,16 @@
           "normalized_name": "defensive-countermeasure-mapping",
           "line": 309,
           "byte_start": 27428,
-          "byte_end": 31307,
-          "bytes": 3879,
+          "byte_end": 31309,
+          "bytes": 3881,
           "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
           "normalized_name": "compliance-theater-check",
           "line": 331,
-          "byte_start": 31307,
-          "byte_end": 31951,
+          "byte_start": 31309,
+          "byte_end": 31953,
           "bytes": 644,
           "h3_count": 0
         }
@@ -767,7 +767,7 @@
     },
     "ai-c2-detection": {
       "path": "skills/ai-c2-detection/skill.md",
-      "total_bytes": 39771,
+      "total_bytes": 39773,
       "total_lines": 488,
       "frontmatter": {
         "line_start": 1,
@@ -853,16 +853,16 @@
           "normalized_name": "defensive-countermeasure-mapping",
           "line": 414,
           "byte_start": 30003,
-          "byte_end": 33945,
-          "bytes": 3942,
+          "byte_end": 33947,
+          "bytes": 3944,
           "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
           "normalized_name": "compliance-theater-check",
           "line": 438,
-          "byte_start": 33945,
-          "byte_end": 35335,
+          "byte_start": 33947,
+          "byte_end": 35337,
           "bytes": 1390,
           "h3_count": 0
         },
@@ -870,8 +870,8 @@
           "name": "Output Format",
           "normalized_name": "output-format",
           "line": 444,
-          "byte_start": 35335,
-          "byte_end": 36828,
+          "byte_start": 35337,
+          "byte_end": 36830,
           "bytes": 1493,
           "h3_count": 5
         },
@@ -879,8 +879,8 @@
           "name": "Hand-Off / Related Skills",
           "normalized_name": "hand-off",
           "line": 477,
-          "byte_start": 36828,
-          "byte_end": 39771,
+          "byte_start": 36830,
+          "byte_end": 39773,
           "bytes": 2943,
           "h3_count": 0
         }
@@ -1847,7 +1847,7 @@
     },
     "attack-surface-pentest": {
       "path": "skills/attack-surface-pentest/skill.md",
-      "total_bytes": 33290,
+      "total_bytes": 33291,
       "total_lines": 388,
       "frontmatter": {
         "line_start": 1,
@@ -1924,8 +1924,8 @@
           "normalized_name": "defensive-countermeasure-mapping",
           "line": 377,
           "byte_start": 31679,
-          "byte_end": 33290,
-          "bytes": 1611,
+          "byte_end": 33291,
+          "bytes": 1612,
           "h3_count": 0
         }
       ]
@@ -2017,7 +2017,7 @@
     },
     "dlp-gap-analysis": {
       "path": "skills/dlp-gap-analysis/skill.md",
-      "total_bytes": 42409,
+      "total_bytes": 42411,
       "total_lines": 346,
       "frontmatter": {
         "line_start": 1,
@@ -2094,8 +2094,8 @@
           "normalized_name": "defensive-countermeasure-mapping",
           "line": 319,
           "byte_start": 38454,
-          "byte_end": 42409,
-          "bytes": 3955,
+          "byte_end": 42411,
+          "bytes": 3957,
           "h3_count": 0
         }
       ]
@@ -3982,7 +3982,7 @@
     },
     "age-gates-child-safety": {
       "path": "skills/age-gates-child-safety/skill.md",
-      "total_bytes": 70471,
+      "total_bytes": 70473,
       "total_lines": 459,
       "frontmatter": {
         "line_start": 1,
@@ -4059,16 +4059,16 @@
           "normalized_name": "defensive-countermeasure-mapping",
           "line": 421,
           "byte_start": 60996,
-          "byte_end": 66138,
-          "bytes": 5142,
+          "byte_end": 66140,
+          "bytes": 5144,
           "h3_count": 0
         },
         {
           "name": "Hand-Off / Related Skills",
           "normalized_name": "hand-off",
           "line": 441,
-          "byte_start": 66138,
-          "byte_end": 70471,
+          "byte_start": 66140,
+          "byte_end": 70473,
           "bytes": 4333,
           "h3_count": 0
         }

package/data/_indexes/token-budget.json

@@ -3,8 +3,8 @@
     "schema_version": "1.0.0",
     "tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
     "approx_chars_per_token": 4,
-    "total_chars": 1672960,
-    "total_approx_tokens": 418246,
+    "total_chars": 1672973,
+    "total_approx_tokens": 418252,
     "skill_count": 42
   },
   "skills": {
@@ -70,10 +70,10 @@
     },
     "ai-attack-surface": {
       "path": "skills/ai-attack-surface/skill.md",
-      "bytes": 29677,
-      "chars": 29601,
+      "bytes": 29679,
+      "chars": 29603,
       "lines": 337,
-      "approx_tokens": 7400,
+      "approx_tokens": 7401,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -107,8 +107,8 @@
           "approx_tokens": 422
         },
         "defensive-countermeasure-mapping": {
-          "bytes": 3718,
-          "chars": 3706,
+          "bytes": 3720,
+          "chars": 3708,
           "approx_tokens": 927
         },
         "compliance-theater-check": {
@@ -120,10 +120,10 @@
     },
     "mcp-agent-trust": {
       "path": "skills/mcp-agent-trust/skill.md",
-      "bytes": 32105,
-      "chars": 32013,
+      "bytes": 32107,
+      "chars": 32015,
       "lines": 380,
-      "approx_tokens": 8003,
+      "approx_tokens": 8004,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -162,8 +162,8 @@
           "approx_tokens": 608
         },
         "defensive-countermeasure-mapping": {
-          "bytes": 4201,
-          "chars": 4195,
+          "bytes": 4203,
+          "chars": 4197,
           "approx_tokens": 1049
         },
         "compliance-theater-check": {
@@ -365,10 +365,10 @@
     },
     "rag-pipeline-security": {
       "path": "skills/rag-pipeline-security/skill.md",
-      "bytes": 31951,
-      "chars": 31776,
+      "bytes": 31953,
+      "chars": 31778,
       "lines": 334,
-      "approx_tokens": 7944,
+      "approx_tokens": 7945,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -432,9 +432,9 @@
           "approx_tokens": 656
         },
         "defensive-countermeasure-mapping": {
-          "bytes": 3879,
-          "chars": 3857,
-          "approx_tokens": 964
+          "bytes": 3881,
+          "chars": 3859,
+          "approx_tokens": 965
         },
         "compliance-theater-check": {
           "bytes": 644,
@@ -445,10 +445,10 @@
     },
     "ai-c2-detection": {
       "path": "skills/ai-c2-detection/skill.md",
-      "bytes": 39771,
-      "chars": 39617,
+      "bytes": 39773,
+      "chars": 39619,
       "lines": 488,
-      "approx_tokens": 9904,
+      "approx_tokens": 9905,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -492,8 +492,8 @@
           "approx_tokens": 1018
         },
         "defensive-countermeasure-mapping": {
-          "bytes": 3942,
-          "chars": 3930,
+          "bytes": 3944,
+          "chars": 3932,
           "approx_tokens": 983
         },
         "compliance-theater-check": {
@@ -1070,8 +1070,8 @@
     },
     "attack-surface-pentest": {
       "path": "skills/attack-surface-pentest/skill.md",
-      "bytes": 33290,
-      "chars": 33147,
+      "bytes": 33291,
+      "chars": 33148,
       "lines": 388,
       "approx_tokens": 8287,
       "approx_chars_per_token": 4,
@@ -1112,9 +1112,9 @@
           "approx_tokens": 576
         },
         "defensive-countermeasure-mapping": {
-          "bytes": 1611,
-          "chars": 1609,
-          "approx_tokens": 402
+          "bytes": 1612,
+          "chars": 1610,
+          "approx_tokens": 403
         }
       }
     },
@@ -1170,10 +1170,10 @@
     },
     "dlp-gap-analysis": {
       "path": "skills/dlp-gap-analysis/skill.md",
-      "bytes": 42409,
-      "chars": 42140,
+      "bytes": 42411,
+      "chars": 42142,
       "lines": 346,
-      "approx_tokens": 10535,
+      "approx_tokens": 10536,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -1212,8 +1212,8 @@
           "approx_tokens": 645
         },
         "defensive-countermeasure-mapping": {
-          "bytes": 3955,
-          "chars": 3903,
+          "bytes": 3957,
+          "chars": 3905,
           "approx_tokens": 976
         }
       }
@@ -2320,10 +2320,10 @@
     },
     "age-gates-child-safety": {
       "path": "skills/age-gates-child-safety/skill.md",
-      "bytes": 70471,
-      "chars": 70181,
+      "bytes": 70473,
+      "chars": 70183,
       "lines": 459,
-      "approx_tokens": 17545,
+      "approx_tokens": 17546,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -2362,8 +2362,8 @@
           "approx_tokens": 1517
         },
         "defensive-countermeasure-mapping": {
-          "bytes": 5142,
-          "chars": 5131,
+          "bytes": 5144,
+          "chars": 5133,
           "approx_tokens": 1283
         },
         "hand-off": {

package/data/cwe-catalog.json

@@ -2,8 +2,8 @@
   "_meta": {
     "schema_version": "1.0.0",
     "last_updated": "2026-05-19",
-    "cwe_version": "4.16",
-    "cwe_version_release_date": "2024-11-19",
+    "cwe_version": "4.20",
+    "cwe_version_release_date": "2026-04-30",
     "source": "https://cwe.mitre.org",
     "view_general": "CWE View 1003 (Weaknesses for Simplified Mapping of Published Vulnerabilities)",
     "view_research": "CWE View 1000 (Research Concepts)",

package/data/d3fend-catalog.json

@@ -2,8 +2,8 @@
   "_meta": {
     "schema_version": "1.0.0",
     "last_updated": "2026-05-19",
-    "d3fend_version": "1.0.0",
-    "d3fend_release_date": "2024-06-01",
+    "d3fend_version": "1.3.0",
+    "d3fend_release_date": "2025-12-16",
     "source": "https://d3fend.mitre.org",
     "skill_refs_field": "d3fend_refs",
     "complement_to": "atlas-ttps.json (offensive); D3FEND covers defensive countermeasures",