@blamejs/exceptd-skills 0.15.0 → 0.15.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +12 -0
- package/data/_indexes/_meta.json +44 -44
- package/data/_indexes/section-offsets.json +804 -795
- package/data/_indexes/summary-cards.json +3 -3
- package/data/_indexes/token-budget.json +506 -501
- package/data/cve-catalog.json +629 -51
- package/manifest.json +84 -84
- package/package.json +1 -1
- package/sbom.cdx.json +94 -94
- package/skills/age-gates-child-safety/skill.md +7 -7
- package/skills/ai-attack-surface/skill.md +1 -1
- package/skills/ai-c2-detection/skill.md +3 -3
- package/skills/ai-risk-management/skill.md +9 -9
- package/skills/api-security/skill.md +4 -4
- package/skills/cloud-security/skill.md +7 -7
- package/skills/compliance-theater/skill.md +4 -4
- package/skills/container-runtime-security/skill.md +6 -6
- package/skills/coordinated-vuln-disclosure/skill.md +12 -12
- package/skills/defensive-countermeasure-mapping/skill.md +14 -10
- package/skills/dlp-gap-analysis/skill.md +3 -3
- package/skills/email-security-anti-phishing/skill.md +6 -6
- package/skills/exploit-scoring/skill.md +2 -2
- package/skills/framework-gap-analysis/skill.md +6 -6
- package/skills/fuzz-testing-strategy/skill.md +1 -1
- package/skills/global-grc/skill.md +2 -2
- package/skills/identity-assurance/skill.md +5 -5
- package/skills/idp-incident-response/skill.md +5 -5
- package/skills/incident-response-playbook/skill.md +8 -8
- package/skills/kernel-lpe-triage/skill.md +4 -4
- package/skills/mcp-agent-trust/skill.md +3 -3
- package/skills/mlops-security/skill.md +5 -5
- package/skills/ot-ics-security/skill.md +7 -7
- package/skills/policy-exception-gen/skill.md +2 -2
- package/skills/pqc-first/skill.md +2 -2
- package/skills/rag-pipeline-security/skill.md +2 -2
- package/skills/ransomware-response/skill.md +9 -9
- package/skills/researcher/skill.md +11 -11
- package/skills/sector-energy/skill.md +6 -6
- package/skills/sector-federal-government/skill.md +2 -2
- package/skills/sector-financial/skill.md +4 -4
- package/skills/sector-healthcare/skill.md +6 -6
- package/skills/sector-telecom/skill.md +1 -1
- package/skills/security-maturity-tiers/skill.md +4 -4
- package/skills/skill-update-loop/skill.md +6 -6
- package/skills/supply-chain-integrity/skill.md +1 -1
- package/skills/threat-model-currency/skill.md +3 -3
- package/skills/threat-modeling-methodology/skill.md +9 -9
- package/skills/webapp-security/skill.md +7 -7
- package/skills/zeroday-gap-learn/skill.md +8 -8
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,17 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.15.2 — 2026-05-29
|
|
4
|
+
|
|
5
|
+
Every curated catalog entry now carries detection IOCs. The 51 operator-curated CVE/MAL entries that previously lacked an `iocs` block — spanning the actively-exploited perimeter and supply-chain entries (runc, xz-utils, SolarWinds, Citrix, ConnectWise, Cisco SD-WAN, FortiOS), the AI-ecosystem cluster (MLflow, vLLM, Ollama, LangChain, the MCP SDK, Big Sleep AI-discovered bugs), the malicious-package supply-chain worms (Shai-Hulud, ultralytics, the RubyGems/PyPI stealers), and the Pwn2Own appliance chains — now ship behavioral detection indicators derived from each entry's documented vulnerability mechanics, with the indicator provenance recorded per entry. Detection coverage for the curated catalog is now complete.
|
|
6
|
+
|
|
7
|
+
## 0.15.1 — 2026-05-29
|
|
8
|
+
|
|
9
|
+
Skill content and catalog hygiene.
|
|
10
|
+
|
|
11
|
+
Every skill now describes its requirements in its own terms. References that pointed at the project's internal contributor guide by name or number — "per AGENTS.md", "Hard Rule #N", "DR-N" — have been replaced with the substance of the rule, since an operator reading a shipped skill cannot resolve those pointers. The behavior each rule mandates is unchanged and stated inline (CVSS reported alongside RWEP, global-first jurisdiction coverage, the zero-day learning loop, no orphaned controls, and so on). Version stamps left in skill frontmatter comments were removed.
|
|
12
|
+
|
|
13
|
+
Seven flagship actively-exploited catalog entries — runc "Leaky Vessels" (CVE-2024-21626), the xz-utils backdoor (CVE-2024-3094), SolarWinds Orion (CVE-2020-10148), Citrix NetScaler (CVE-2023-3519), ConnectWise ScreenConnect (CVE-2024-1709), Cisco SD-WAN (CVE-2026-20182), and Fortinet FortiOS (CVE-2024-21762) — now carry structured `vendor_advisories` (vendor, advisory id, URL, published date) drawn from their verified public advisories.
|
|
14
|
+
|
|
3
15
|
## 0.15.0 — 2026-05-28
|
|
4
16
|
|
|
5
17
|
Validation and gate hardening. Several catalog and skill integrity checks that had been deferred as non-blocking warnings now hard-fail the predeploy gate, and two latent gate weaknesses are closed.
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-29T11:48:11.885Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
7
|
+
"manifest.json": "76306d3fd8fd5ce3ec74389a4aeb7d864698cdaddacb1e3fa62a1a85d85df7b1",
|
|
8
8
|
"data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
|
|
9
9
|
"data/attack-techniques.json": "57b8a1b4e1c3f524a76b4bded09b3082b36b783db3df116f863892072e0f65e9",
|
|
10
|
-
"data/cve-catalog.json": "
|
|
10
|
+
"data/cve-catalog.json": "5b7b9a5d5e51174970ca44e64515d7de4479caece49dd4ac462411649837854a",
|
|
11
11
|
"data/cwe-catalog.json": "0fd275c2a61754958d68cea03a92794a67cf1c1d4d609f81a5728334df013ee3",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
@@ -16,48 +16,48 @@
|
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
|
|
18
18
|
"data/zeroday-lessons.json": "e8202ffa99ed7c7d40b89ee5eedbea33839048cbff482e09329292e6700a5157",
|
|
19
|
-
"skills/kernel-lpe-triage/skill.md": "
|
|
20
|
-
"skills/ai-attack-surface/skill.md": "
|
|
21
|
-
"skills/mcp-agent-trust/skill.md": "
|
|
22
|
-
"skills/framework-gap-analysis/skill.md": "
|
|
23
|
-
"skills/compliance-theater/skill.md": "
|
|
24
|
-
"skills/exploit-scoring/skill.md": "
|
|
25
|
-
"skills/rag-pipeline-security/skill.md": "
|
|
26
|
-
"skills/ai-c2-detection/skill.md": "
|
|
27
|
-
"skills/policy-exception-gen/skill.md": "
|
|
28
|
-
"skills/threat-model-currency/skill.md": "
|
|
29
|
-
"skills/global-grc/skill.md": "
|
|
30
|
-
"skills/zeroday-gap-learn/skill.md": "
|
|
31
|
-
"skills/pqc-first/skill.md": "
|
|
32
|
-
"skills/skill-update-loop/skill.md": "
|
|
33
|
-
"skills/security-maturity-tiers/skill.md": "
|
|
34
|
-
"skills/researcher/skill.md": "
|
|
19
|
+
"skills/kernel-lpe-triage/skill.md": "0f79c641cef6e5f4a942eb94f43c460562bf83dfb67ae112d146c39c6b320fb0",
|
|
20
|
+
"skills/ai-attack-surface/skill.md": "2880499993e0e69e3897a9d02b5e83aa0462c86a4dd2c1988b9968e375704a1f",
|
|
21
|
+
"skills/mcp-agent-trust/skill.md": "0752834acde0303d6d1e36be4b320eac3d34fde715bb8d71f3ad9e801d701482",
|
|
22
|
+
"skills/framework-gap-analysis/skill.md": "c2da8cc184ac4277309896bf4fe6afe23c419575b297734a8fc168f42d1805e9",
|
|
23
|
+
"skills/compliance-theater/skill.md": "02b51b932ded4b9b74844ecf842ee3f4d6b09699ebe9cdba457e2c9b7da10ebd",
|
|
24
|
+
"skills/exploit-scoring/skill.md": "2bb77e1f667bc47c6ab1c7715071d9fe8da2697f9bbbf7914c7e9fd231ad67f1",
|
|
25
|
+
"skills/rag-pipeline-security/skill.md": "49b1910e996f01df1382714f9307ead98028fb5b6911bb9022cb8e5c0edf0723",
|
|
26
|
+
"skills/ai-c2-detection/skill.md": "08fee5607e4972a3c0e1e31d58d4ddfeffeae1302df22416f3e24c20229fb782",
|
|
27
|
+
"skills/policy-exception-gen/skill.md": "c549f48c2e44759a74c2c6306f0eb34ea26152fb2a3b0e7e96505d5b174f1bd4",
|
|
28
|
+
"skills/threat-model-currency/skill.md": "30fbe6f6d589331c0640d3238d1681905e37307171c8d78df1f753bc36259356",
|
|
29
|
+
"skills/global-grc/skill.md": "8d1dfbae79153d403d543b3481f463260a89a35d068db0fa9eeda21c01c78e09",
|
|
30
|
+
"skills/zeroday-gap-learn/skill.md": "158aebcff94cb30a4503bc0fb1b867fff0b42bb0e5f4b8c2e43bee86b8178317",
|
|
31
|
+
"skills/pqc-first/skill.md": "c48ee7dbaebb748211aac7364b81bb853a9f99059c860557b203d424407d218a",
|
|
32
|
+
"skills/skill-update-loop/skill.md": "16cd5a61ccd87c61901e9b209fff0e26ca6540c0cfcb8e231ac17917c50d56bb",
|
|
33
|
+
"skills/security-maturity-tiers/skill.md": "de7a67b1f6ae79be490656939ac59b5772aa648dae4759733d80d6bf4595c278",
|
|
34
|
+
"skills/researcher/skill.md": "9f1211d177c64e4c465407a45ad9e2901c5c6c0af410a0d0a51cc8fb780420d4",
|
|
35
35
|
"skills/attack-surface-pentest/skill.md": "6174a20b777a82c83941ef64d27e8c7e4091649358930ac1ba564a0ad4d9399f",
|
|
36
|
-
"skills/fuzz-testing-strategy/skill.md": "
|
|
37
|
-
"skills/dlp-gap-analysis/skill.md": "
|
|
38
|
-
"skills/supply-chain-integrity/skill.md": "
|
|
39
|
-
"skills/defensive-countermeasure-mapping/skill.md": "
|
|
40
|
-
"skills/identity-assurance/skill.md": "
|
|
41
|
-
"skills/ot-ics-security/skill.md": "
|
|
42
|
-
"skills/coordinated-vuln-disclosure/skill.md": "
|
|
43
|
-
"skills/threat-modeling-methodology/skill.md": "
|
|
44
|
-
"skills/webapp-security/skill.md": "
|
|
45
|
-
"skills/ai-risk-management/skill.md": "
|
|
46
|
-
"skills/sector-healthcare/skill.md": "
|
|
47
|
-
"skills/sector-financial/skill.md": "
|
|
48
|
-
"skills/sector-federal-government/skill.md": "
|
|
49
|
-
"skills/sector-energy/skill.md": "
|
|
50
|
-
"skills/sector-telecom/skill.md": "
|
|
51
|
-
"skills/api-security/skill.md": "
|
|
52
|
-
"skills/cloud-security/skill.md": "
|
|
53
|
-
"skills/container-runtime-security/skill.md": "
|
|
54
|
-
"skills/mlops-security/skill.md": "
|
|
55
|
-
"skills/incident-response-playbook/skill.md": "
|
|
56
|
-
"skills/ransomware-response/skill.md": "
|
|
57
|
-
"skills/email-security-anti-phishing/skill.md": "
|
|
58
|
-
"skills/age-gates-child-safety/skill.md": "
|
|
36
|
+
"skills/fuzz-testing-strategy/skill.md": "07e2ee5f773a3f0e82bd21b8a7e8cf6d5b1a8bf3ac6f71602f16550561ade553",
|
|
37
|
+
"skills/dlp-gap-analysis/skill.md": "89dedc6c062fa2afd2284e608f4a51effda819e9288fbf38ab16a7891ccd8a10",
|
|
38
|
+
"skills/supply-chain-integrity/skill.md": "7c568ee9805f4c822c16c266348e35fa6f2d7a3c76135fa34b0cfa77f003a878",
|
|
39
|
+
"skills/defensive-countermeasure-mapping/skill.md": "212c0c31dcdaf30dfc68d870e43015dc1420674563e47e6cfb7036067a1b8713",
|
|
40
|
+
"skills/identity-assurance/skill.md": "86649aa573bde5b2ef2456a77d2fbfa9d1b623a4ef1326dd7a7ab384d0419307",
|
|
41
|
+
"skills/ot-ics-security/skill.md": "583f758ace33e638ddbbc985eda1ffc711bb040ce24f528d502fc13e5f7bb46e",
|
|
42
|
+
"skills/coordinated-vuln-disclosure/skill.md": "5c089e27e06e16201d1035038ef3c6ecbb7121f18ebb296eb8bb6022cbf522ec",
|
|
43
|
+
"skills/threat-modeling-methodology/skill.md": "4e77ce72fbeff93fa1c6674528dcfc4a8411caac230d0f0c0d28780b56cc0452",
|
|
44
|
+
"skills/webapp-security/skill.md": "9dc8c0e51c78ad93ef9de91dd9054370dfebeea2161a87f909202ecacfad1504",
|
|
45
|
+
"skills/ai-risk-management/skill.md": "3e116dc6f03f31e32f1ee885516d72d9c11d3ff67d2184108b13dcbdf5f417bf",
|
|
46
|
+
"skills/sector-healthcare/skill.md": "148520af64959a60018a24f4368670925980db3e73aa09af73194f8ea61f1fcc",
|
|
47
|
+
"skills/sector-financial/skill.md": "eb526fdd9fff84943fff951ca7762de4304adbf3212eb26c73521a8979bb776d",
|
|
48
|
+
"skills/sector-federal-government/skill.md": "870dead2eae1b2664b1e151dd73d8fa240a62a297bdbcddee37bd1cb60e5e5f4",
|
|
49
|
+
"skills/sector-energy/skill.md": "432213dfc9ee271631ce3171daf62a103a010b27a51911dd1112bd5d8bc6c152",
|
|
50
|
+
"skills/sector-telecom/skill.md": "4b80771e78a474e3f43227ecc730ddda1684bff98d7e6e53f5ec373e1e886f34",
|
|
51
|
+
"skills/api-security/skill.md": "bdd29ba72fd40b9a81228e41b3e27e62dde6de6290b678d5ba282c6436844fb9",
|
|
52
|
+
"skills/cloud-security/skill.md": "4ca2792b199ea5d3f0ce61ad7dccd31cacd345acb295b872089a4a2ebca973cc",
|
|
53
|
+
"skills/container-runtime-security/skill.md": "a34221dfd923f8f0d7d03a325cbe5d30de6163e19174f0070b94b4a22b3cd50c",
|
|
54
|
+
"skills/mlops-security/skill.md": "6ec745030723e1dbc174315ce462a9402641febaf4871960b562827c9801b627",
|
|
55
|
+
"skills/incident-response-playbook/skill.md": "5a048322fe19833326d2d35ead53c02c2bcada63d64947c6daf0550e7862365a",
|
|
56
|
+
"skills/ransomware-response/skill.md": "d0f456f1c31ec2968bb4c2cea67eb628d5baf857f17650ab204cf7931b3317ef",
|
|
57
|
+
"skills/email-security-anti-phishing/skill.md": "0965eca982e8fc633b85e70c0ba6becb8c0f5ee7bdd0be96ad73a9a222bb8816",
|
|
58
|
+
"skills/age-gates-child-safety/skill.md": "6d4d29e54a115314c3c0ea9f5df47bdc2828f3b226fff4b5974d898b56c0cd73",
|
|
59
59
|
"skills/cloud-iam-incident/skill.md": "5ec3800a0049b2123aff67bfab4ff28491a86d2daeb712283e5e88b10c3d5d7b",
|
|
60
|
-
"skills/idp-incident-response/skill.md": "
|
|
60
|
+
"skills/idp-incident-response/skill.md": "cb2f2c5b90de4592bfd66dcd55f9bf2004f370746d519cad577fcbaf36125878"
|
|
61
61
|
},
|
|
62
62
|
"skill_count": 42,
|
|
63
63
|
"catalog_count": 11,
|
|
@@ -78,7 +78,7 @@
|
|
|
78
78
|
"handoff_dag_nodes": 42,
|
|
79
79
|
"summary_cards": 42,
|
|
80
80
|
"section_offsets_skills": 42,
|
|
81
|
-
"token_budget_total_approx":
|
|
81
|
+
"token_budget_total_approx": 418479,
|
|
82
82
|
"recipes": 8,
|
|
83
83
|
"jurisdiction_clocks": 29,
|
|
84
84
|
"did_ladders": 8,
|