@blamejs/exceptd-skills 0.14.18 → 0.14.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +16 -0
- package/data/_indexes/_meta.json +10 -10
- package/data/_indexes/section-offsets.json +62 -62
- package/data/_indexes/stale-content.json +3 -10
- package/data/_indexes/summary-cards.json +2 -2
- package/data/_indexes/token-budget.json +32 -32
- package/data/cve-catalog.json +18 -6
- package/data/framework-control-gaps.json +1 -1
- package/data/playbooks/mcp.json +1 -1
- package/data/playbooks/sbom.json +1 -1
- package/lib/scoring.js +11 -4
- package/lib/validate-cve-catalog.js +15 -0
- package/manifest.json +48 -48
- package/package.json +1 -1
- package/sbom.cdx.json +34 -34
- package/scripts/builders/stale-content.js +5 -1
- package/skills/email-security-anti-phishing/skill.md +1 -1
- package/skills/pqc-first/skill.md +1 -1
- package/skills/sector-telecom/skill.md +11 -11
- package/skills/threat-model-currency/skill.md +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,21 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.14.20 — 2026-05-27
|
|
4
|
+
|
|
5
|
+
Skill content cleanup:
|
|
6
|
+
- `sector-telecom` no longer labels its analysis-procedure subsections with the CLI verb names that were removed in 0.13.0 (`govern`, `direct`, `look`, etc.) — the section headings are neutral procedural language now. Its reference to `cred-stores` is annotated as a playbook (not a skill, matching the convention three sibling skills already use), and its `last_threat_review` date is quoted consistently with every other skill.
|
|
7
|
+
- `threat-model-currency` no longer pins an outdated date literal in its body that contradicted the frontmatter — it references the frontmatter `last_threat_review` so the assertion can't desync.
|
|
8
|
+
- `pqc-first` no longer leaks the engine's internal phase numbering ("Phase 5 analyze") into operator-facing output prose.
|
|
9
|
+
- `email-security-anti-phishing` no longer cites an internal contributor rule by name in its threat-context narrative.
|
|
10
|
+
|
|
11
|
+
## 0.14.19 — 2026-05-27
|
|
12
|
+
|
|
13
|
+
Catalog data-integrity pass:
|
|
14
|
+
- The AI supply-chain CVE families ShadowMQ (`CVE-2025-23254`, `CVE-2025-30165`, `CVE-2024-50050`, `CVE-2025-60455`) and the Triton authentication-bypass pair (`CVE-2026-24206`, `CVE-2026-24207`) now carry their ATLAS mapping (`AML.T0049`, Exploit Public-Facing Application) — matching the sibling entries in the same families that were already mapped.
|
|
15
|
+
- The `active_exploitation: "theoretical"` status (a published PoC with no observed in-the-wild exploitation) is now an explicit entry in the RWEP active-exploitation ladder instead of falling through to the zero default.
|
|
16
|
+
- The `framework-control-gaps` catalog's declared entry count is corrected (it read 184 while the catalog held 192) and a validator gate now fails if the declared count ever drifts from the actual count again.
|
|
17
|
+
- The derived staleness index counts jurisdictions consistently with the README and the catalog-summaries index (GLOBAL included → 35), clearing a false "badge drift" staleness finding.
|
|
18
|
+
|
|
3
19
|
## 0.14.18 — 2026-05-27
|
|
4
20
|
|
|
5
21
|
`precondition_check_source` now reports accurate provenance. A precondition supplied in the submission is tagged `submission` (it was always `merged`, because the value was internally copied into the run options), and a precondition the engine auto-detected from the host is tagged `auto` (it was mislabeled `submission`). A genuine programmatic override that supplies the same precondition both ways is still `merged`. Precondition gating behavior is unchanged.
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,18 +1,18 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-28T02:33:36.583Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
7
|
+
"manifest.json": "dc4cdb2fa56243e42a1989558997a236e564176fa6c8e5dcae9de9d2dad8399b",
|
|
8
8
|
"data/atlas-ttps.json": "d24bc02859d40ccf1615db75cca68c077585904e41e0d8f6de448121e9b1abb0",
|
|
9
9
|
"data/attack-techniques.json": "fa193f0d2d248176a8beddb641e9fe56ba4faa9e15dc253ff876dbf0c5d58a77",
|
|
10
|
-
"data/cve-catalog.json": "
|
|
10
|
+
"data/cve-catalog.json": "03d8071c7ae244ccda7611c3bc66a5581c21e790d158c2948c3001f55aa5aac9",
|
|
11
11
|
"data/cwe-catalog.json": "0b82f1ba29024720dcafb66aaa6c7b59b535badd28dbac8a5c08737c5f25e9a9",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
14
14
|
"data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
|
|
15
|
-
"data/framework-control-gaps.json": "
|
|
15
|
+
"data/framework-control-gaps.json": "563890a91e25079c1b36f61d8cdf21176fba3801168c4b4697cabae3437b33c1",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
|
|
18
18
|
"data/zeroday-lessons.json": "258252b9bff1fc11b05b76e10b659c1195971884bd44c92af5fefe17a5ca9512",
|
|
@@ -25,10 +25,10 @@
|
|
|
25
25
|
"skills/rag-pipeline-security/skill.md": "792c6f48a7ff06785c24258cac1714068feafefb3f8f05e6c62ddce2f2f9128d",
|
|
26
26
|
"skills/ai-c2-detection/skill.md": "de83dc284dc4f85a8a383c0b715ec7b9ea127ec49c3227bf4c72344bad4008ed",
|
|
27
27
|
"skills/policy-exception-gen/skill.md": "238074319b57399c75d76439ef1ff67153b5a3207adf1556f3ca1e68cfe7cfaa",
|
|
28
|
-
"skills/threat-model-currency/skill.md": "
|
|
28
|
+
"skills/threat-model-currency/skill.md": "637861b4dcd2cb608c08c5aa62a8ef73efc976584f901e612c73cf53b3559422",
|
|
29
29
|
"skills/global-grc/skill.md": "57ca729034e9d33c527d869c1c4aa82fe37e496878a3cbcd9e5043cb62b7105d",
|
|
30
30
|
"skills/zeroday-gap-learn/skill.md": "d8872a4f5e5e927ae087e8319996ec3b9e010aa23fca32248c0909051032db48",
|
|
31
|
-
"skills/pqc-first/skill.md": "
|
|
31
|
+
"skills/pqc-first/skill.md": "8b77569100d10201044d63a69cbc83c9cfe6d2c3568884aa900ef0eb72ba99c3",
|
|
32
32
|
"skills/skill-update-loop/skill.md": "f7cd18df293b90c0d2afb6ba8b87664419becea6b63221f03efaf09c69586025",
|
|
33
33
|
"skills/security-maturity-tiers/skill.md": "2e46c9332a5a6190d4605ba7bc653410659be19fab50c78c0a6732f84ebdb300",
|
|
34
34
|
"skills/researcher/skill.md": "dc8ceab8f69af370abb1165ed14ead6f3e9d236a8f703165eba52014ebfd43ab",
|
|
@@ -47,14 +47,14 @@
|
|
|
47
47
|
"skills/sector-financial/skill.md": "ad8f207a6ce255aad9c33ea9a3009fb707c0f59be9df565fe68679654488bb6e",
|
|
48
48
|
"skills/sector-federal-government/skill.md": "7b513d2365390fdb546c0f266139a21ae247339f0e346695fcbc92ba3d7fa69a",
|
|
49
49
|
"skills/sector-energy/skill.md": "9aed96c78e8aaeafd3b7564d26311d625b4466a1e3822281721bdbfcfca058ec",
|
|
50
|
-
"skills/sector-telecom/skill.md": "
|
|
50
|
+
"skills/sector-telecom/skill.md": "2f336a0b79cd28a3353ec0a72ce0469ac57305345d652247e7cb368f79ec8d4f",
|
|
51
51
|
"skills/api-security/skill.md": "120ed75df17db4dfc4746b9d5bd6efd33786bbf68cb840670aeed0be505866f9",
|
|
52
52
|
"skills/cloud-security/skill.md": "425be2c6e3563f011d0280bf03268425bf60923ae3d02eafbf1b56d04f0b7ffe",
|
|
53
53
|
"skills/container-runtime-security/skill.md": "f22bf5a305f8a33884d49d9bfb25fa2bd00c4b3d0dc490bd12f20a7721683b4a",
|
|
54
54
|
"skills/mlops-security/skill.md": "498549ddc9d870cb8d6a28a4d79b8d7058d5eed832d7c266c281084f4371ce46",
|
|
55
55
|
"skills/incident-response-playbook/skill.md": "9c219de36c7d702dff8504a25e2f1b07459716ea2ed02f49d751f91dbeca1b01",
|
|
56
56
|
"skills/ransomware-response/skill.md": "471b714c42717d43f81b2b582cd8e89ca8d3140de2ddc06cce15f012a0e19be1",
|
|
57
|
-
"skills/email-security-anti-phishing/skill.md": "
|
|
57
|
+
"skills/email-security-anti-phishing/skill.md": "da0b937350e538b55db8daa1f50047d9f4e889e6b89b040dcecfb71feecd63d7",
|
|
58
58
|
"skills/age-gates-child-safety/skill.md": "639b79a2724415afe9e4469202f806e5bec022c0946c9496d4e17ed73aabbe21",
|
|
59
59
|
"skills/cloud-iam-incident/skill.md": "5ec3800a0049b2123aff67bfab4ff28491a86d2daeb712283e5e88b10c3d5d7b",
|
|
60
60
|
"skills/idp-incident-response/skill.md": "e67a2576e7f1c3bf89f499f5c977bc470ef29e8b3e3e45f4cb5bd45a82674282"
|
|
@@ -78,7 +78,7 @@
|
|
|
78
78
|
"handoff_dag_nodes": 42,
|
|
79
79
|
"summary_cards": 42,
|
|
80
80
|
"section_offsets_skills": 42,
|
|
81
|
-
"token_budget_total_approx":
|
|
81
|
+
"token_budget_total_approx": 418226,
|
|
82
82
|
"recipes": 8,
|
|
83
83
|
"jurisdiction_clocks": 29,
|
|
84
84
|
"did_ladders": 8,
|
|
@@ -87,7 +87,7 @@
|
|
|
87
87
|
"frequency_fields": 7,
|
|
88
88
|
"activity_feed_events": 54,
|
|
89
89
|
"catalog_summaries": 11,
|
|
90
|
-
"stale_content_findings":
|
|
90
|
+
"stale_content_findings": 0
|
|
91
91
|
},
|
|
92
92
|
"invalidation_note": "If any source file in source_hashes has a different SHA-256 than recorded here, the indexes are stale. Re-run `npm run build-indexes`."
|
|
93
93
|
}
|
|
@@ -991,7 +991,7 @@
|
|
|
991
991
|
},
|
|
992
992
|
"threat-model-currency": {
|
|
993
993
|
"path": "skills/threat-model-currency/skill.md",
|
|
994
|
-
"total_bytes":
|
|
994
|
+
"total_bytes": 33310,
|
|
995
995
|
"total_lines": 448,
|
|
996
996
|
"frontmatter": {
|
|
997
997
|
"line_start": 1,
|
|
@@ -1059,16 +1059,16 @@
|
|
|
1059
1059
|
"normalized_name": "exploit-availability-matrix",
|
|
1060
1060
|
"line": 289,
|
|
1061
1061
|
"byte_start": 20815,
|
|
1062
|
-
"byte_end":
|
|
1063
|
-
"bytes":
|
|
1062
|
+
"byte_end": 23168,
|
|
1063
|
+
"bytes": 2353,
|
|
1064
1064
|
"h3_count": 0
|
|
1065
1065
|
},
|
|
1066
1066
|
{
|
|
1067
1067
|
"name": "Compliance Theater Check",
|
|
1068
1068
|
"normalized_name": "compliance-theater-check",
|
|
1069
1069
|
"line": 308,
|
|
1070
|
-
"byte_start":
|
|
1071
|
-
"byte_end":
|
|
1070
|
+
"byte_start": 23168,
|
|
1071
|
+
"byte_end": 24736,
|
|
1072
1072
|
"bytes": 1568,
|
|
1073
1073
|
"h3_count": 0
|
|
1074
1074
|
},
|
|
@@ -1076,8 +1076,8 @@
|
|
|
1076
1076
|
"name": "Scoring",
|
|
1077
1077
|
"normalized_name": "scoring",
|
|
1078
1078
|
"line": 324,
|
|
1079
|
-
"byte_start":
|
|
1080
|
-
"byte_end":
|
|
1079
|
+
"byte_start": 24736,
|
|
1080
|
+
"byte_end": 25278,
|
|
1081
1081
|
"bytes": 542,
|
|
1082
1082
|
"h3_count": 0
|
|
1083
1083
|
},
|
|
@@ -1085,8 +1085,8 @@
|
|
|
1085
1085
|
"name": "Analysis Procedure",
|
|
1086
1086
|
"normalized_name": "analysis-procedure",
|
|
1087
1087
|
"line": 343,
|
|
1088
|
-
"byte_start":
|
|
1089
|
-
"byte_end":
|
|
1088
|
+
"byte_start": 25278,
|
|
1089
|
+
"byte_end": 26208,
|
|
1090
1090
|
"bytes": 930,
|
|
1091
1091
|
"h3_count": 4
|
|
1092
1092
|
},
|
|
@@ -1094,8 +1094,8 @@
|
|
|
1094
1094
|
"name": "Output Format",
|
|
1095
1095
|
"normalized_name": "output-format",
|
|
1096
1096
|
"line": 375,
|
|
1097
|
-
"byte_start":
|
|
1098
|
-
"byte_end":
|
|
1097
|
+
"byte_start": 26208,
|
|
1098
|
+
"byte_end": 28181,
|
|
1099
1099
|
"bytes": 1973,
|
|
1100
1100
|
"h3_count": 4
|
|
1101
1101
|
},
|
|
@@ -1103,8 +1103,8 @@
|
|
|
1103
1103
|
"name": "Defensive Countermeasure Mapping",
|
|
1104
1104
|
"normalized_name": "defensive-countermeasure-mapping",
|
|
1105
1105
|
"line": 417,
|
|
1106
|
-
"byte_start":
|
|
1107
|
-
"byte_end":
|
|
1106
|
+
"byte_start": 28181,
|
|
1107
|
+
"byte_end": 33310,
|
|
1108
1108
|
"bytes": 5129,
|
|
1109
1109
|
"h3_count": 0
|
|
1110
1110
|
}
|
|
@@ -1327,7 +1327,7 @@
|
|
|
1327
1327
|
},
|
|
1328
1328
|
"pqc-first": {
|
|
1329
1329
|
"path": "skills/pqc-first/skill.md",
|
|
1330
|
-
"total_bytes":
|
|
1330
|
+
"total_bytes": 38002,
|
|
1331
1331
|
"total_lines": 572,
|
|
1332
1332
|
"frontmatter": {
|
|
1333
1333
|
"line_start": 1,
|
|
@@ -1449,16 +1449,16 @@
|
|
|
1449
1449
|
"normalized_name": "output-format",
|
|
1450
1450
|
"line": 515,
|
|
1451
1451
|
"byte_start": 31983,
|
|
1452
|
-
"byte_end":
|
|
1453
|
-
"bytes":
|
|
1452
|
+
"byte_end": 33474,
|
|
1453
|
+
"bytes": 1491,
|
|
1454
1454
|
"h3_count": 6
|
|
1455
1455
|
},
|
|
1456
1456
|
{
|
|
1457
1457
|
"name": "Defensive Countermeasure Mapping",
|
|
1458
1458
|
"normalized_name": "defensive-countermeasure-mapping",
|
|
1459
1459
|
"line": 548,
|
|
1460
|
-
"byte_start":
|
|
1461
|
-
"byte_end":
|
|
1460
|
+
"byte_start": 33474,
|
|
1461
|
+
"byte_end": 37342,
|
|
1462
1462
|
"bytes": 3868,
|
|
1463
1463
|
"h3_count": 0
|
|
1464
1464
|
},
|
|
@@ -1466,8 +1466,8 @@
|
|
|
1466
1466
|
"name": "Compliance Theater Check",
|
|
1467
1467
|
"normalized_name": "compliance-theater-check",
|
|
1468
1468
|
"line": 569,
|
|
1469
|
-
"byte_start":
|
|
1470
|
-
"byte_end":
|
|
1469
|
+
"byte_start": 37342,
|
|
1470
|
+
"byte_end": 38002,
|
|
1471
1471
|
"bytes": 660,
|
|
1472
1472
|
"h3_count": 0
|
|
1473
1473
|
}
|
|
@@ -3230,21 +3230,21 @@
|
|
|
3230
3230
|
},
|
|
3231
3231
|
"sector-telecom": {
|
|
3232
3232
|
"path": "skills/sector-telecom/skill.md",
|
|
3233
|
-
"total_bytes":
|
|
3233
|
+
"total_bytes": 20754,
|
|
3234
3234
|
"total_lines": 257,
|
|
3235
3235
|
"frontmatter": {
|
|
3236
3236
|
"line_start": 1,
|
|
3237
3237
|
"line_end": 71,
|
|
3238
3238
|
"byte_start": 0,
|
|
3239
|
-
"byte_end":
|
|
3239
|
+
"byte_end": 1991
|
|
3240
3240
|
},
|
|
3241
3241
|
"sections": [
|
|
3242
3242
|
{
|
|
3243
3243
|
"name": "Threat Context (mid-2026)",
|
|
3244
3244
|
"normalized_name": "threat-context",
|
|
3245
3245
|
"line": 73,
|
|
3246
|
-
"byte_start":
|
|
3247
|
-
"byte_end":
|
|
3246
|
+
"byte_start": 1992,
|
|
3247
|
+
"byte_end": 5180,
|
|
3248
3248
|
"bytes": 3188,
|
|
3249
3249
|
"h3_count": 0
|
|
3250
3250
|
},
|
|
@@ -3252,8 +3252,8 @@
|
|
|
3252
3252
|
"name": "Framework Lag Declaration",
|
|
3253
3253
|
"normalized_name": "framework-lag-declaration",
|
|
3254
3254
|
"line": 87,
|
|
3255
|
-
"byte_start":
|
|
3256
|
-
"byte_end":
|
|
3255
|
+
"byte_start": 5180,
|
|
3256
|
+
"byte_end": 7262,
|
|
3257
3257
|
"bytes": 2082,
|
|
3258
3258
|
"h3_count": 0
|
|
3259
3259
|
},
|
|
@@ -3261,8 +3261,8 @@
|
|
|
3261
3261
|
"name": "TTP Mapping",
|
|
3262
3262
|
"normalized_name": "ttp-mapping",
|
|
3263
3263
|
"line": 91,
|
|
3264
|
-
"byte_start":
|
|
3265
|
-
"byte_end":
|
|
3264
|
+
"byte_start": 7262,
|
|
3265
|
+
"byte_end": 8696,
|
|
3266
3266
|
"bytes": 1434,
|
|
3267
3267
|
"h3_count": 0
|
|
3268
3268
|
},
|
|
@@ -3270,8 +3270,8 @@
|
|
|
3270
3270
|
"name": "Exploit Availability Matrix",
|
|
3271
3271
|
"normalized_name": "exploit-availability-matrix",
|
|
3272
3272
|
"line": 105,
|
|
3273
|
-
"byte_start":
|
|
3274
|
-
"byte_end":
|
|
3273
|
+
"byte_start": 8696,
|
|
3274
|
+
"byte_end": 9890,
|
|
3275
3275
|
"bytes": 1194,
|
|
3276
3276
|
"h3_count": 0
|
|
3277
3277
|
},
|
|
@@ -3279,26 +3279,26 @@
|
|
|
3279
3279
|
"name": "Analysis Procedure",
|
|
3280
3280
|
"normalized_name": "analysis-procedure",
|
|
3281
3281
|
"line": 118,
|
|
3282
|
-
"byte_start":
|
|
3283
|
-
"byte_end":
|
|
3284
|
-
"bytes":
|
|
3282
|
+
"byte_start": 9890,
|
|
3283
|
+
"byte_end": 15596,
|
|
3284
|
+
"bytes": 5706,
|
|
3285
3285
|
"h3_count": 7
|
|
3286
3286
|
},
|
|
3287
3287
|
{
|
|
3288
3288
|
"name": "Output Format",
|
|
3289
3289
|
"normalized_name": "output-format",
|
|
3290
3290
|
"line": 180,
|
|
3291
|
-
"byte_start":
|
|
3292
|
-
"byte_end":
|
|
3293
|
-
"bytes":
|
|
3291
|
+
"byte_start": 15596,
|
|
3292
|
+
"byte_end": 17087,
|
|
3293
|
+
"bytes": 1491,
|
|
3294
3294
|
"h3_count": 0
|
|
3295
3295
|
},
|
|
3296
3296
|
{
|
|
3297
3297
|
"name": "Compliance Theater Check",
|
|
3298
3298
|
"normalized_name": "compliance-theater-check",
|
|
3299
3299
|
"line": 228,
|
|
3300
|
-
"byte_start":
|
|
3301
|
-
"byte_end":
|
|
3300
|
+
"byte_start": 17087,
|
|
3301
|
+
"byte_end": 19294,
|
|
3302
3302
|
"bytes": 2207,
|
|
3303
3303
|
"h3_count": 0
|
|
3304
3304
|
},
|
|
@@ -3306,8 +3306,8 @@
|
|
|
3306
3306
|
"name": "Defensive Countermeasure Mapping",
|
|
3307
3307
|
"normalized_name": "defensive-countermeasure-mapping",
|
|
3308
3308
|
"line": 240,
|
|
3309
|
-
"byte_start":
|
|
3310
|
-
"byte_end":
|
|
3309
|
+
"byte_start": 19294,
|
|
3310
|
+
"byte_end": 20045,
|
|
3311
3311
|
"bytes": 751,
|
|
3312
3312
|
"h3_count": 0
|
|
3313
3313
|
},
|
|
@@ -3315,9 +3315,9 @@
|
|
|
3315
3315
|
"name": "Hand-Off / Related Skills",
|
|
3316
3316
|
"normalized_name": "hand-off",
|
|
3317
3317
|
"line": 250,
|
|
3318
|
-
"byte_start":
|
|
3319
|
-
"byte_end":
|
|
3320
|
-
"bytes":
|
|
3318
|
+
"byte_start": 20045,
|
|
3319
|
+
"byte_end": 20754,
|
|
3320
|
+
"bytes": 709,
|
|
3321
3321
|
"h3_count": 0
|
|
3322
3322
|
}
|
|
3323
3323
|
]
|
|
@@ -3888,7 +3888,7 @@
|
|
|
3888
3888
|
},
|
|
3889
3889
|
"email-security-anti-phishing": {
|
|
3890
3890
|
"path": "skills/email-security-anti-phishing/skill.md",
|
|
3891
|
-
"total_bytes":
|
|
3891
|
+
"total_bytes": 29207,
|
|
3892
3892
|
"total_lines": 219,
|
|
3893
3893
|
"frontmatter": {
|
|
3894
3894
|
"line_start": 1,
|
|
@@ -3902,16 +3902,16 @@
|
|
|
3902
3902
|
"normalized_name": "threat-context",
|
|
3903
3903
|
"line": 62,
|
|
3904
3904
|
"byte_start": 1381,
|
|
3905
|
-
"byte_end":
|
|
3906
|
-
"bytes":
|
|
3905
|
+
"byte_end": 5786,
|
|
3906
|
+
"bytes": 4405,
|
|
3907
3907
|
"h3_count": 0
|
|
3908
3908
|
},
|
|
3909
3909
|
{
|
|
3910
3910
|
"name": "Framework Lag Declaration",
|
|
3911
3911
|
"normalized_name": "framework-lag-declaration",
|
|
3912
3912
|
"line": 80,
|
|
3913
|
-
"byte_start":
|
|
3914
|
-
"byte_end":
|
|
3913
|
+
"byte_start": 5786,
|
|
3914
|
+
"byte_end": 9868,
|
|
3915
3915
|
"bytes": 4082,
|
|
3916
3916
|
"h3_count": 0
|
|
3917
3917
|
},
|
|
@@ -3919,8 +3919,8 @@
|
|
|
3919
3919
|
"name": "TTP Mapping",
|
|
3920
3920
|
"normalized_name": "ttp-mapping",
|
|
3921
3921
|
"line": 102,
|
|
3922
|
-
"byte_start":
|
|
3923
|
-
"byte_end":
|
|
3922
|
+
"byte_start": 9868,
|
|
3923
|
+
"byte_end": 11960,
|
|
3924
3924
|
"bytes": 2092,
|
|
3925
3925
|
"h3_count": 0
|
|
3926
3926
|
},
|
|
@@ -3928,8 +3928,8 @@
|
|
|
3928
3928
|
"name": "Exploit Availability Matrix",
|
|
3929
3929
|
"normalized_name": "exploit-availability-matrix",
|
|
3930
3930
|
"line": 116,
|
|
3931
|
-
"byte_start":
|
|
3932
|
-
"byte_end":
|
|
3931
|
+
"byte_start": 11960,
|
|
3932
|
+
"byte_end": 13800,
|
|
3933
3933
|
"bytes": 1840,
|
|
3934
3934
|
"h3_count": 0
|
|
3935
3935
|
},
|
|
@@ -3937,8 +3937,8 @@
|
|
|
3937
3937
|
"name": "Analysis Procedure",
|
|
3938
3938
|
"normalized_name": "analysis-procedure",
|
|
3939
3939
|
"line": 135,
|
|
3940
|
-
"byte_start":
|
|
3941
|
-
"byte_end":
|
|
3940
|
+
"byte_start": 13800,
|
|
3941
|
+
"byte_end": 21242,
|
|
3942
3942
|
"bytes": 7442,
|
|
3943
3943
|
"h3_count": 0
|
|
3944
3944
|
},
|
|
@@ -3946,8 +3946,8 @@
|
|
|
3946
3946
|
"name": "Output Format",
|
|
3947
3947
|
"normalized_name": "output-format",
|
|
3948
3948
|
"line": 164,
|
|
3949
|
-
"byte_start":
|
|
3950
|
-
"byte_end":
|
|
3949
|
+
"byte_start": 21242,
|
|
3950
|
+
"byte_end": 23063,
|
|
3951
3951
|
"bytes": 1821,
|
|
3952
3952
|
"h3_count": 0
|
|
3953
3953
|
},
|
|
@@ -3955,8 +3955,8 @@
|
|
|
3955
3955
|
"name": "Compliance Theater Check",
|
|
3956
3956
|
"normalized_name": "compliance-theater-check",
|
|
3957
3957
|
"line": 181,
|
|
3958
|
-
"byte_start":
|
|
3959
|
-
"byte_end":
|
|
3958
|
+
"byte_start": 23063,
|
|
3959
|
+
"byte_end": 24865,
|
|
3960
3960
|
"bytes": 1802,
|
|
3961
3961
|
"h3_count": 0
|
|
3962
3962
|
},
|
|
@@ -3964,8 +3964,8 @@
|
|
|
3964
3964
|
"name": "Defensive Countermeasure Mapping",
|
|
3965
3965
|
"normalized_name": "defensive-countermeasure-mapping",
|
|
3966
3966
|
"line": 192,
|
|
3967
|
-
"byte_start":
|
|
3968
|
-
"byte_end":
|
|
3967
|
+
"byte_start": 24865,
|
|
3968
|
+
"byte_end": 28072,
|
|
3969
3969
|
"bytes": 3207,
|
|
3970
3970
|
"h3_count": 0
|
|
3971
3971
|
},
|
|
@@ -3973,8 +3973,8 @@
|
|
|
3973
3973
|
"name": "Hand-Off / Related Skills",
|
|
3974
3974
|
"normalized_name": "hand-off",
|
|
3975
3975
|
"line": 207,
|
|
3976
|
-
"byte_start":
|
|
3977
|
-
"byte_end":
|
|
3976
|
+
"byte_start": 28072,
|
|
3977
|
+
"byte_end": 29207,
|
|
3978
3978
|
"bytes": 1135,
|
|
3979
3979
|
"h3_count": 0
|
|
3980
3980
|
}
|
|
@@ -3,19 +3,12 @@
|
|
|
3
3
|
"schema_version": "1.0.0",
|
|
4
4
|
"reference_date": "2026-05-15",
|
|
5
5
|
"note": "Stale-content snapshot derived from audit-cross-skill checks. Re-runs of build-indexes against the same inputs produce byte-identical output (reference_date is manifest.threat_review_date, not 'now'). audit-cross-skill.js remains the canonical interactive audit.",
|
|
6
|
-
"finding_count":
|
|
6
|
+
"finding_count": 0,
|
|
7
7
|
"by_severity": {
|
|
8
8
|
"high": 0,
|
|
9
|
-
"medium":
|
|
9
|
+
"medium": 0,
|
|
10
10
|
"low": 0
|
|
11
11
|
}
|
|
12
12
|
},
|
|
13
|
-
"findings": [
|
|
14
|
-
{
|
|
15
|
-
"severity": "medium",
|
|
16
|
-
"category": "badge_drift",
|
|
17
|
-
"artifact": "README.md",
|
|
18
|
-
"detail": "jurisdictions badge shows 35, live count is 34"
|
|
19
|
-
}
|
|
20
|
-
]
|
|
13
|
+
"findings": []
|
|
21
14
|
}
|
|
@@ -469,7 +469,7 @@
|
|
|
469
469
|
"pqc-first": {
|
|
470
470
|
"description": "Post-quantum cryptography first mentality — hard version gates (OpenSSL 3.5+), algorithm sunset tracking, HNDL assessment, loopback learning for NIST/IETF evolution",
|
|
471
471
|
"threat_context_excerpt": "The post-quantum migration is not a planning exercise. It is an operational deadline against an adversary that is already collecting ciphertext.",
|
|
472
|
-
"produces": "The skill produces a structured PQC Readiness Assessment that scores the org's post-quantum migration posture against the NIST PQC standards (ML-KEM / FIPS 203, ML-DSA / FIPS 204, SLH-DSA / FIPS 205), CNSA 2.0, and the BSI / ANSSI / NCSC migration guidance. The shape below is consumed downstream by `crypto` playbook runs (which feed the assessment into
|
|
472
|
+
"produces": "The skill produces a structured PQC Readiness Assessment that scores the org's post-quantum migration posture against the NIST PQC standards (ML-KEM / FIPS 203, ML-DSA / FIPS 204, SLH-DSA / FIPS 205), CNSA 2.0, and the BSI / ANSSI / NCSC migration guidance. The shape below is consumed downstream by `crypto` playbook runs (which feed the assessment into the analysis correlation step), by `framework-gap-analysis` (for SC-8 / SC-13 / A.8.24 / A.10 lag declarations), and by `compliance-theater` (which compares the harvest-now-decrypt-later exposure against the org's data-classification claims). Pr ...",
|
|
473
473
|
"key_xrefs": {
|
|
474
474
|
"cwe_refs": [
|
|
475
475
|
"CWE-327"
|
|
@@ -1354,7 +1354,7 @@
|
|
|
1354
1354
|
"sector-telecom": {
|
|
1355
1355
|
"description": "Telecom and 5G security for mid-2026 — Salt Typhoon, Volt Typhoon, CALEA / IPA-LI gateway compromise, signaling-protocol abuse (SS7 / Diameter / GTP), 5G N6 / N9 isolation, gNB / DU / CU integrity, OEM-equipment supply-chain compromise, AI-RAN / O-RAN security",
|
|
1356
1356
|
"threat_context_excerpt": "**Salt Typhoon (China nation-state; PRC Ministry of State Security nexus).** The 2024–2026 campaign — disclosed in successive Five Eyes joint advisories from October 2024 onward (CISA / NSA / FBI joint product reissued through 2025–2026) — compromised at least nine US carriers (publicly named: AT&T, Verizon, T-Mobile US, Lumen, Charter, Cox, Windstream, Consolidated, plus undisclosed others) and extended to AU / CA / NZ / UK Tier-1 carriers. Threat actor TTPs map to T1199 (Trusted Relationship) via OEM vendor supply chain, T1098 (Account Manipulation) for persistent admin access on NMS, and ...",
|
|
1357
|
-
"produces": "The investigation evidence bundle
|
|
1357
|
+
"produces": "The investigation evidence bundle has this shape:\n\n```json\n{\n \"session_id\": \"telecom-<iso>\",\n \"playbook_id\": \"sector-telecom\",\n \"classification\": \"detected | clean | not_detected | inconclusive\",\n \"evidence_hash\": \"sha256:...\",\n \"telecom_specific_findings\": {\n \"li_gateway_audit\": {\n \"anomalous_activations\": 0,\n \"activations_outside_ticket\": 0,\n \"outbound_tunnel_to_non_allowlist_ip\": 0\n },\n \"gnb_attestation_state\": {\n \"expected_hashes_compared\": 0,\n \"drifted_basestations\": [],\n \"downgrade_events\": 0\n },\n \"signaling_anomaly_count\": {\n \"ss7_p ...",
|
|
1358
1358
|
"key_xrefs": {
|
|
1359
1359
|
"cwe_refs": [
|
|
1360
1360
|
"CWE-287",
|
|
@@ -3,8 +3,8 @@
|
|
|
3
3
|
"schema_version": "1.0.0",
|
|
4
4
|
"tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
|
|
5
5
|
"approx_chars_per_token": 4,
|
|
6
|
-
"total_chars":
|
|
7
|
-
"total_approx_tokens":
|
|
6
|
+
"total_chars": 1672872,
|
|
7
|
+
"total_approx_tokens": 418226,
|
|
8
8
|
"skill_count": 42
|
|
9
9
|
},
|
|
10
10
|
"skills": {
|
|
@@ -575,10 +575,10 @@
|
|
|
575
575
|
},
|
|
576
576
|
"threat-model-currency": {
|
|
577
577
|
"path": "skills/threat-model-currency/skill.md",
|
|
578
|
-
"bytes":
|
|
579
|
-
"chars":
|
|
578
|
+
"bytes": 33310,
|
|
579
|
+
"chars": 33124,
|
|
580
580
|
"lines": 448,
|
|
581
|
-
"approx_tokens":
|
|
581
|
+
"approx_tokens": 8281,
|
|
582
582
|
"approx_chars_per_token": 4,
|
|
583
583
|
"sections": {
|
|
584
584
|
"frontmatter-scope": {
|
|
@@ -612,9 +612,9 @@
|
|
|
612
612
|
"approx_tokens": 765
|
|
613
613
|
},
|
|
614
614
|
"exploit-availability-matrix": {
|
|
615
|
-
"bytes":
|
|
616
|
-
"chars":
|
|
617
|
-
"approx_tokens":
|
|
615
|
+
"bytes": 2353,
|
|
616
|
+
"chars": 2335,
|
|
617
|
+
"approx_tokens": 584
|
|
618
618
|
},
|
|
619
619
|
"compliance-theater-check": {
|
|
620
620
|
"bytes": 1568,
|
|
@@ -770,10 +770,10 @@
|
|
|
770
770
|
},
|
|
771
771
|
"pqc-first": {
|
|
772
772
|
"path": "skills/pqc-first/skill.md",
|
|
773
|
-
"bytes":
|
|
774
|
-
"chars":
|
|
773
|
+
"bytes": 38002,
|
|
774
|
+
"chars": 37832,
|
|
775
775
|
"lines": 572,
|
|
776
|
-
"approx_tokens":
|
|
776
|
+
"approx_tokens": 9458,
|
|
777
777
|
"approx_chars_per_token": 4,
|
|
778
778
|
"sections": {
|
|
779
779
|
"threat-context": {
|
|
@@ -837,9 +837,9 @@
|
|
|
837
837
|
"approx_tokens": 375
|
|
838
838
|
},
|
|
839
839
|
"output-format": {
|
|
840
|
-
"bytes":
|
|
841
|
-
"chars":
|
|
842
|
-
"approx_tokens":
|
|
840
|
+
"bytes": 1491,
|
|
841
|
+
"chars": 1485,
|
|
842
|
+
"approx_tokens": 371
|
|
843
843
|
},
|
|
844
844
|
"defensive-countermeasure-mapping": {
|
|
845
845
|
"bytes": 3868,
|
|
@@ -1880,10 +1880,10 @@
|
|
|
1880
1880
|
},
|
|
1881
1881
|
"sector-telecom": {
|
|
1882
1882
|
"path": "skills/sector-telecom/skill.md",
|
|
1883
|
-
"bytes":
|
|
1884
|
-
"chars":
|
|
1883
|
+
"bytes": 20754,
|
|
1884
|
+
"chars": 20668,
|
|
1885
1885
|
"lines": 257,
|
|
1886
|
-
"approx_tokens":
|
|
1886
|
+
"approx_tokens": 5167,
|
|
1887
1887
|
"approx_chars_per_token": 4,
|
|
1888
1888
|
"sections": {
|
|
1889
1889
|
"threat-context": {
|
|
@@ -1907,14 +1907,14 @@
|
|
|
1907
1907
|
"approx_tokens": 299
|
|
1908
1908
|
},
|
|
1909
1909
|
"analysis-procedure": {
|
|
1910
|
-
"bytes":
|
|
1911
|
-
"chars":
|
|
1912
|
-
"approx_tokens":
|
|
1910
|
+
"bytes": 5706,
|
|
1911
|
+
"chars": 5664,
|
|
1912
|
+
"approx_tokens": 1416
|
|
1913
1913
|
},
|
|
1914
1914
|
"output-format": {
|
|
1915
|
-
"bytes":
|
|
1916
|
-
"chars":
|
|
1917
|
-
"approx_tokens":
|
|
1915
|
+
"bytes": 1491,
|
|
1916
|
+
"chars": 1491,
|
|
1917
|
+
"approx_tokens": 373
|
|
1918
1918
|
},
|
|
1919
1919
|
"compliance-theater-check": {
|
|
1920
1920
|
"bytes": 2207,
|
|
@@ -1927,9 +1927,9 @@
|
|
|
1927
1927
|
"approx_tokens": 188
|
|
1928
1928
|
},
|
|
1929
1929
|
"hand-off": {
|
|
1930
|
-
"bytes":
|
|
1931
|
-
"chars":
|
|
1932
|
-
"approx_tokens":
|
|
1930
|
+
"bytes": 709,
|
|
1931
|
+
"chars": 699,
|
|
1932
|
+
"approx_tokens": 175
|
|
1933
1933
|
}
|
|
1934
1934
|
}
|
|
1935
1935
|
},
|
|
@@ -2265,16 +2265,16 @@
|
|
|
2265
2265
|
},
|
|
2266
2266
|
"email-security-anti-phishing": {
|
|
2267
2267
|
"path": "skills/email-security-anti-phishing/skill.md",
|
|
2268
|
-
"bytes":
|
|
2269
|
-
"chars":
|
|
2268
|
+
"bytes": 29207,
|
|
2269
|
+
"chars": 29091,
|
|
2270
2270
|
"lines": 219,
|
|
2271
|
-
"approx_tokens":
|
|
2271
|
+
"approx_tokens": 7273,
|
|
2272
2272
|
"approx_chars_per_token": 4,
|
|
2273
2273
|
"sections": {
|
|
2274
2274
|
"threat-context": {
|
|
2275
|
-
"bytes":
|
|
2276
|
-
"chars":
|
|
2277
|
-
"approx_tokens":
|
|
2275
|
+
"bytes": 4405,
|
|
2276
|
+
"chars": 4389,
|
|
2277
|
+
"approx_tokens": 1097
|
|
2278
2278
|
},
|
|
2279
2279
|
"framework-lag-declaration": {
|
|
2280
2280
|
"bytes": 4082,
|