@blamejs/exceptd-skills 0.15.0 → 0.15.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +44 -44
- package/data/_indexes/section-offsets.json +804 -795
- package/data/_indexes/summary-cards.json +3 -3
- package/data/_indexes/token-budget.json +506 -501
- package/data/cve-catalog.json +154 -7
- package/manifest.json +84 -84
- package/package.json +1 -1
- package/sbom.cdx.json +94 -94
- package/skills/age-gates-child-safety/skill.md +7 -7
- package/skills/ai-attack-surface/skill.md +1 -1
- package/skills/ai-c2-detection/skill.md +3 -3
- package/skills/ai-risk-management/skill.md +9 -9
- package/skills/api-security/skill.md +4 -4
- package/skills/cloud-security/skill.md +7 -7
- package/skills/compliance-theater/skill.md +4 -4
- package/skills/container-runtime-security/skill.md +6 -6
- package/skills/coordinated-vuln-disclosure/skill.md +12 -12
- package/skills/defensive-countermeasure-mapping/skill.md +14 -10
- package/skills/dlp-gap-analysis/skill.md +3 -3
- package/skills/email-security-anti-phishing/skill.md +6 -6
- package/skills/exploit-scoring/skill.md +2 -2
- package/skills/framework-gap-analysis/skill.md +6 -6
- package/skills/fuzz-testing-strategy/skill.md +1 -1
- package/skills/global-grc/skill.md +2 -2
- package/skills/identity-assurance/skill.md +5 -5
- package/skills/idp-incident-response/skill.md +5 -5
- package/skills/incident-response-playbook/skill.md +8 -8
- package/skills/kernel-lpe-triage/skill.md +4 -4
- package/skills/mcp-agent-trust/skill.md +3 -3
- package/skills/mlops-security/skill.md +5 -5
- package/skills/ot-ics-security/skill.md +7 -7
- package/skills/policy-exception-gen/skill.md +2 -2
- package/skills/pqc-first/skill.md +2 -2
- package/skills/rag-pipeline-security/skill.md +2 -2
- package/skills/ransomware-response/skill.md +9 -9
- package/skills/researcher/skill.md +11 -11
- package/skills/sector-energy/skill.md +6 -6
- package/skills/sector-federal-government/skill.md +2 -2
- package/skills/sector-financial/skill.md +4 -4
- package/skills/sector-healthcare/skill.md +6 -6
- package/skills/sector-telecom/skill.md +1 -1
- package/skills/security-maturity-tiers/skill.md +4 -4
- package/skills/skill-update-loop/skill.md +6 -6
- package/skills/supply-chain-integrity/skill.md +1 -1
- package/skills/threat-model-currency/skill.md +3 -3
- package/skills/threat-modeling-methodology/skill.md +9 -9
- package/skills/webapp-security/skill.md +7 -7
- package/skills/zeroday-gap-learn/skill.md +8 -8
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.15.1 — 2026-05-29
|
|
4
|
+
|
|
5
|
+
Skill content and catalog hygiene.
|
|
6
|
+
|
|
7
|
+
Every skill now describes its requirements in its own terms. References that pointed at the project's internal contributor guide by name or number — "per AGENTS.md", "Hard Rule #N", "DR-N" — have been replaced with the substance of the rule, since an operator reading a shipped skill cannot resolve those pointers. The behavior each rule mandates is unchanged and stated inline (CVSS reported alongside RWEP, global-first jurisdiction coverage, the zero-day learning loop, no orphaned controls, and so on). Version stamps left in skill frontmatter comments were removed.
|
|
8
|
+
|
|
9
|
+
Seven flagship actively-exploited catalog entries — runc "Leaky Vessels" (CVE-2024-21626), the xz-utils backdoor (CVE-2024-3094), SolarWinds Orion (CVE-2020-10148), Citrix NetScaler (CVE-2023-3519), ConnectWise ScreenConnect (CVE-2024-1709), Cisco SD-WAN (CVE-2026-20182), and Fortinet FortiOS (CVE-2024-21762) — now carry structured `vendor_advisories` (vendor, advisory id, URL, published date) drawn from their verified public advisories.
|
|
10
|
+
|
|
3
11
|
## 0.15.0 — 2026-05-28
|
|
4
12
|
|
|
5
13
|
Validation and gate hardening. Several catalog and skill integrity checks that had been deferred as non-blocking warnings now hard-fail the predeploy gate, and two latent gate weaknesses are closed.
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-29T11:22:26.578Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
7
|
+
"manifest.json": "15c1fb4f9f54e1d2f724d9a9d501cfb4dc947916213ce45c67f7094e92de700b",
|
|
8
8
|
"data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
|
|
9
9
|
"data/attack-techniques.json": "57b8a1b4e1c3f524a76b4bded09b3082b36b783db3df116f863892072e0f65e9",
|
|
10
|
-
"data/cve-catalog.json": "
|
|
10
|
+
"data/cve-catalog.json": "de450425a3e953224ad79c4eaf85978faadde97c1d015afc3459295db8e60515",
|
|
11
11
|
"data/cwe-catalog.json": "0fd275c2a61754958d68cea03a92794a67cf1c1d4d609f81a5728334df013ee3",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
@@ -16,48 +16,48 @@
|
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
|
|
18
18
|
"data/zeroday-lessons.json": "e8202ffa99ed7c7d40b89ee5eedbea33839048cbff482e09329292e6700a5157",
|
|
19
|
-
"skills/kernel-lpe-triage/skill.md": "
|
|
20
|
-
"skills/ai-attack-surface/skill.md": "
|
|
21
|
-
"skills/mcp-agent-trust/skill.md": "
|
|
22
|
-
"skills/framework-gap-analysis/skill.md": "
|
|
23
|
-
"skills/compliance-theater/skill.md": "
|
|
24
|
-
"skills/exploit-scoring/skill.md": "
|
|
25
|
-
"skills/rag-pipeline-security/skill.md": "
|
|
26
|
-
"skills/ai-c2-detection/skill.md": "
|
|
27
|
-
"skills/policy-exception-gen/skill.md": "
|
|
28
|
-
"skills/threat-model-currency/skill.md": "
|
|
29
|
-
"skills/global-grc/skill.md": "
|
|
30
|
-
"skills/zeroday-gap-learn/skill.md": "
|
|
31
|
-
"skills/pqc-first/skill.md": "
|
|
32
|
-
"skills/skill-update-loop/skill.md": "
|
|
33
|
-
"skills/security-maturity-tiers/skill.md": "
|
|
34
|
-
"skills/researcher/skill.md": "
|
|
19
|
+
"skills/kernel-lpe-triage/skill.md": "0f79c641cef6e5f4a942eb94f43c460562bf83dfb67ae112d146c39c6b320fb0",
|
|
20
|
+
"skills/ai-attack-surface/skill.md": "2880499993e0e69e3897a9d02b5e83aa0462c86a4dd2c1988b9968e375704a1f",
|
|
21
|
+
"skills/mcp-agent-trust/skill.md": "0752834acde0303d6d1e36be4b320eac3d34fde715bb8d71f3ad9e801d701482",
|
|
22
|
+
"skills/framework-gap-analysis/skill.md": "c2da8cc184ac4277309896bf4fe6afe23c419575b297734a8fc168f42d1805e9",
|
|
23
|
+
"skills/compliance-theater/skill.md": "02b51b932ded4b9b74844ecf842ee3f4d6b09699ebe9cdba457e2c9b7da10ebd",
|
|
24
|
+
"skills/exploit-scoring/skill.md": "2bb77e1f667bc47c6ab1c7715071d9fe8da2697f9bbbf7914c7e9fd231ad67f1",
|
|
25
|
+
"skills/rag-pipeline-security/skill.md": "49b1910e996f01df1382714f9307ead98028fb5b6911bb9022cb8e5c0edf0723",
|
|
26
|
+
"skills/ai-c2-detection/skill.md": "08fee5607e4972a3c0e1e31d58d4ddfeffeae1302df22416f3e24c20229fb782",
|
|
27
|
+
"skills/policy-exception-gen/skill.md": "c549f48c2e44759a74c2c6306f0eb34ea26152fb2a3b0e7e96505d5b174f1bd4",
|
|
28
|
+
"skills/threat-model-currency/skill.md": "30fbe6f6d589331c0640d3238d1681905e37307171c8d78df1f753bc36259356",
|
|
29
|
+
"skills/global-grc/skill.md": "8d1dfbae79153d403d543b3481f463260a89a35d068db0fa9eeda21c01c78e09",
|
|
30
|
+
"skills/zeroday-gap-learn/skill.md": "158aebcff94cb30a4503bc0fb1b867fff0b42bb0e5f4b8c2e43bee86b8178317",
|
|
31
|
+
"skills/pqc-first/skill.md": "c48ee7dbaebb748211aac7364b81bb853a9f99059c860557b203d424407d218a",
|
|
32
|
+
"skills/skill-update-loop/skill.md": "16cd5a61ccd87c61901e9b209fff0e26ca6540c0cfcb8e231ac17917c50d56bb",
|
|
33
|
+
"skills/security-maturity-tiers/skill.md": "de7a67b1f6ae79be490656939ac59b5772aa648dae4759733d80d6bf4595c278",
|
|
34
|
+
"skills/researcher/skill.md": "9f1211d177c64e4c465407a45ad9e2901c5c6c0af410a0d0a51cc8fb780420d4",
|
|
35
35
|
"skills/attack-surface-pentest/skill.md": "6174a20b777a82c83941ef64d27e8c7e4091649358930ac1ba564a0ad4d9399f",
|
|
36
|
-
"skills/fuzz-testing-strategy/skill.md": "
|
|
37
|
-
"skills/dlp-gap-analysis/skill.md": "
|
|
38
|
-
"skills/supply-chain-integrity/skill.md": "
|
|
39
|
-
"skills/defensive-countermeasure-mapping/skill.md": "
|
|
40
|
-
"skills/identity-assurance/skill.md": "
|
|
41
|
-
"skills/ot-ics-security/skill.md": "
|
|
42
|
-
"skills/coordinated-vuln-disclosure/skill.md": "
|
|
43
|
-
"skills/threat-modeling-methodology/skill.md": "
|
|
44
|
-
"skills/webapp-security/skill.md": "
|
|
45
|
-
"skills/ai-risk-management/skill.md": "
|
|
46
|
-
"skills/sector-healthcare/skill.md": "
|
|
47
|
-
"skills/sector-financial/skill.md": "
|
|
48
|
-
"skills/sector-federal-government/skill.md": "
|
|
49
|
-
"skills/sector-energy/skill.md": "
|
|
50
|
-
"skills/sector-telecom/skill.md": "
|
|
51
|
-
"skills/api-security/skill.md": "
|
|
52
|
-
"skills/cloud-security/skill.md": "
|
|
53
|
-
"skills/container-runtime-security/skill.md": "
|
|
54
|
-
"skills/mlops-security/skill.md": "
|
|
55
|
-
"skills/incident-response-playbook/skill.md": "
|
|
56
|
-
"skills/ransomware-response/skill.md": "
|
|
57
|
-
"skills/email-security-anti-phishing/skill.md": "
|
|
58
|
-
"skills/age-gates-child-safety/skill.md": "
|
|
36
|
+
"skills/fuzz-testing-strategy/skill.md": "07e2ee5f773a3f0e82bd21b8a7e8cf6d5b1a8bf3ac6f71602f16550561ade553",
|
|
37
|
+
"skills/dlp-gap-analysis/skill.md": "89dedc6c062fa2afd2284e608f4a51effda819e9288fbf38ab16a7891ccd8a10",
|
|
38
|
+
"skills/supply-chain-integrity/skill.md": "7c568ee9805f4c822c16c266348e35fa6f2d7a3c76135fa34b0cfa77f003a878",
|
|
39
|
+
"skills/defensive-countermeasure-mapping/skill.md": "212c0c31dcdaf30dfc68d870e43015dc1420674563e47e6cfb7036067a1b8713",
|
|
40
|
+
"skills/identity-assurance/skill.md": "86649aa573bde5b2ef2456a77d2fbfa9d1b623a4ef1326dd7a7ab384d0419307",
|
|
41
|
+
"skills/ot-ics-security/skill.md": "583f758ace33e638ddbbc985eda1ffc711bb040ce24f528d502fc13e5f7bb46e",
|
|
42
|
+
"skills/coordinated-vuln-disclosure/skill.md": "5c089e27e06e16201d1035038ef3c6ecbb7121f18ebb296eb8bb6022cbf522ec",
|
|
43
|
+
"skills/threat-modeling-methodology/skill.md": "4e77ce72fbeff93fa1c6674528dcfc4a8411caac230d0f0c0d28780b56cc0452",
|
|
44
|
+
"skills/webapp-security/skill.md": "9dc8c0e51c78ad93ef9de91dd9054370dfebeea2161a87f909202ecacfad1504",
|
|
45
|
+
"skills/ai-risk-management/skill.md": "3e116dc6f03f31e32f1ee885516d72d9c11d3ff67d2184108b13dcbdf5f417bf",
|
|
46
|
+
"skills/sector-healthcare/skill.md": "148520af64959a60018a24f4368670925980db3e73aa09af73194f8ea61f1fcc",
|
|
47
|
+
"skills/sector-financial/skill.md": "eb526fdd9fff84943fff951ca7762de4304adbf3212eb26c73521a8979bb776d",
|
|
48
|
+
"skills/sector-federal-government/skill.md": "870dead2eae1b2664b1e151dd73d8fa240a62a297bdbcddee37bd1cb60e5e5f4",
|
|
49
|
+
"skills/sector-energy/skill.md": "432213dfc9ee271631ce3171daf62a103a010b27a51911dd1112bd5d8bc6c152",
|
|
50
|
+
"skills/sector-telecom/skill.md": "4b80771e78a474e3f43227ecc730ddda1684bff98d7e6e53f5ec373e1e886f34",
|
|
51
|
+
"skills/api-security/skill.md": "bdd29ba72fd40b9a81228e41b3e27e62dde6de6290b678d5ba282c6436844fb9",
|
|
52
|
+
"skills/cloud-security/skill.md": "4ca2792b199ea5d3f0ce61ad7dccd31cacd345acb295b872089a4a2ebca973cc",
|
|
53
|
+
"skills/container-runtime-security/skill.md": "a34221dfd923f8f0d7d03a325cbe5d30de6163e19174f0070b94b4a22b3cd50c",
|
|
54
|
+
"skills/mlops-security/skill.md": "6ec745030723e1dbc174315ce462a9402641febaf4871960b562827c9801b627",
|
|
55
|
+
"skills/incident-response-playbook/skill.md": "5a048322fe19833326d2d35ead53c02c2bcada63d64947c6daf0550e7862365a",
|
|
56
|
+
"skills/ransomware-response/skill.md": "d0f456f1c31ec2968bb4c2cea67eb628d5baf857f17650ab204cf7931b3317ef",
|
|
57
|
+
"skills/email-security-anti-phishing/skill.md": "0965eca982e8fc633b85e70c0ba6becb8c0f5ee7bdd0be96ad73a9a222bb8816",
|
|
58
|
+
"skills/age-gates-child-safety/skill.md": "6d4d29e54a115314c3c0ea9f5df47bdc2828f3b226fff4b5974d898b56c0cd73",
|
|
59
59
|
"skills/cloud-iam-incident/skill.md": "5ec3800a0049b2123aff67bfab4ff28491a86d2daeb712283e5e88b10c3d5d7b",
|
|
60
|
-
"skills/idp-incident-response/skill.md": "
|
|
60
|
+
"skills/idp-incident-response/skill.md": "cb2f2c5b90de4592bfd66dcd55f9bf2004f370746d519cad577fcbaf36125878"
|
|
61
61
|
},
|
|
62
62
|
"skill_count": 42,
|
|
63
63
|
"catalog_count": 11,
|
|
@@ -78,7 +78,7 @@
|
|
|
78
78
|
"handoff_dag_nodes": 42,
|
|
79
79
|
"summary_cards": 42,
|
|
80
80
|
"section_offsets_skills": 42,
|
|
81
|
-
"token_budget_total_approx":
|
|
81
|
+
"token_budget_total_approx": 418479,
|
|
82
82
|
"recipes": 8,
|
|
83
83
|
"jurisdiction_clocks": 29,
|
|
84
84
|
"did_ladders": 8,
|