@blamejs/exceptd-skills 0.16.10 → 0.16.11

package/data/_indexes/currency.json

@@ -6,7 +6,7 @@
     "decay_formula": "100 base; -30/-20/-10/-5 at 180/90/60/30-day thresholds. forward_watch count does NOT affect the score (it's a maintenance signal, not a staleness one). Label thresholds: ≥90 current, ≥70 acceptable, ≥50 stale, <50 critical_stale."
   },
   "summary": {
-    "current": 42,
+    "current": 43,
     "acceptable": 0,
     "stale": 0,
     "critical_stale": 0,
@@ -373,6 +373,15 @@
       "forward_watch_count": 6,
       "action_required": false
     },
+    {
+      "skill": "vc-wallet-trust",
+      "last_threat_review": "2026-06-02",
+      "days_since_review": -18,
+      "currency_score": 100,
+      "currency_label": "current",
+      "forward_watch_count": 0,
+      "action_required": false
+    },
     {
       "skill": "webapp-security",
       "last_threat_review": "2026-05-11",

package/data/_indexes/frequency.json

@@ -36,9 +36,10 @@
         ]
       },
       "CWE-672": {
-        "count": 1,
+        "count": 2,
         "skills": [
-          "kernel-lpe-triage"
+          "kernel-lpe-triage",
+          "vc-wallet-trust"
         ]
       },
       "CWE-787": {
@@ -214,13 +215,14 @@
         ]
       },
       "CWE-200": {
-        "count": 6,
+        "count": 7,
         "skills": [
           "age-gates-child-safety",
           "api-security",
           "cloud-security",
           "dlp-gap-analysis",
           "sector-healthcare",
+          "vc-wallet-trust",
           "webapp-security"
         ]
       },
@@ -300,13 +302,14 @@
         ]
       },
       "CWE-863": {
-        "count": 6,
+        "count": 7,
         "skills": [
           "api-security",
           "cloud-iam-incident",
           "identity-assurance",
           "idp-incident-response",
           "sector-financial",
+          "vc-wallet-trust",
           "webapp-security"
         ]
       },
@@ -329,6 +332,18 @@
         "skills": [
           "idp-incident-response"
         ]
+      },
+      "CWE-347": {
+        "count": 1,
+        "skills": [
+          "vc-wallet-trust"
+        ]
+      },
+      "CWE-290": {
+        "count": 1,
+        "skills": [
+          "vc-wallet-trust"
+        ]
       }
     },
     "d3fend_refs": {
@@ -851,9 +866,10 @@
         ]
       },
       "NIST-800-63B-rev4": {
-        "count": 1,
+        "count": 2,
         "skills": [
-          "identity-assurance"
+          "identity-assurance",
+          "vc-wallet-trust"
         ]
       },
       "PSD2-RTS-SCA": {
@@ -1023,15 +1039,17 @@
         ]
       },
       "NIST-800-53-IA-5-Federated": {
-        "count": 1,
+        "count": 2,
         "skills": [
-          "idp-incident-response"
+          "idp-incident-response",
+          "vc-wallet-trust"
         ]
       },
       "ISO-27001-2022-A.5.16-Federated": {
-        "count": 1,
+        "count": 2,
         "skills": [
-          "idp-incident-response"
+          "idp-incident-response",
+          "vc-wallet-trust"
         ]
       },
       "SOC2-CC6-OAuth-Consent": {
@@ -1053,9 +1071,10 @@
         ]
       },
       "NIS2-Art-21-Federated-Identity": {
-        "count": 1,
+        "count": 2,
         "skills": [
-          "idp-incident-response"
+          "idp-incident-response",
+          "vc-wallet-trust"
         ]
       },
       "DORA-Art-19-IdP-4h": {
@@ -1069,6 +1088,12 @@
         "skills": [
           "idp-incident-response"
         ]
+      },
+      "UK-CAF-B2": {
+        "count": 1,
+        "skills": [
+          "vc-wallet-trust"
+        ]
       }
     },
     "atlas_refs": {
@@ -1330,10 +1355,11 @@
         ]
       },
       "T1556": {
-        "count": 2,
+        "count": 3,
         "skills": [
           "identity-assurance",
-          "sector-telecom"
+          "sector-telecom",
+          "vc-wallet-trust"
         ]
       },
       "T1110": {
@@ -1462,6 +1488,18 @@
         "skills": [
           "idp-incident-response"
         ]
+      },
+      "T1606": {
+        "count": 1,
+        "skills": [
+          "vc-wallet-trust"
+        ]
+      },
+      "T1550": {
+        "count": 1,
+        "skills": [
+          "vc-wallet-trust"
+        ]
       }
     },
     "rfc_refs": {
@@ -1671,6 +1709,19 @@
           "webapp-security"
         ]
       },
+      {
+        "id": "CWE-200",
+        "count": 7,
+        "skills": [
+          "age-gates-child-safety",
+          "api-security",
+          "cloud-security",
+          "dlp-gap-analysis",
+          "sector-healthcare",
+          "vc-wallet-trust",
+          "webapp-security"
+        ]
+      },
       {
         "id": "CWE-798",
         "count": 7,
@@ -1697,6 +1748,19 @@
           "webapp-security"
         ]
       },
+      {
+        "id": "CWE-863",
+        "count": 7,
+        "skills": [
+          "api-security",
+          "cloud-iam-incident",
+          "identity-assurance",
+          "idp-incident-response",
+          "sector-financial",
+          "vc-wallet-trust",
+          "webapp-security"
+        ]
+      },
       {
         "id": "CWE-1188",
         "count": 6,
@@ -1733,18 +1797,6 @@
           "sector-healthcare"
         ]
       },
-      {
-        "id": "CWE-200",
-        "count": 6,
-        "skills": [
-          "age-gates-child-safety",
-          "api-security",
-          "cloud-security",
-          "dlp-gap-analysis",
-          "sector-healthcare",
-          "webapp-security"
-        ]
-      },
       {
         "id": "CWE-269",
         "count": 6,
@@ -1768,18 +1820,6 @@
           "identity-assurance",
           "webapp-security"
         ]
-      },
-      {
-        "id": "CWE-863",
-        "count": 6,
-        "skills": [
-          "api-security",
-          "cloud-iam-incident",
-          "identity-assurance",
-          "idp-incident-response",
-          "sector-financial",
-          "webapp-security"
-        ]
       }
     ],
     "d3fend_refs": [
@@ -2226,15 +2266,16 @@
         ]
       },
       {
-        "id": "T0855",
-        "count": 2,
+        "id": "T1556",
+        "count": 3,
         "skills": [
-          "ot-ics-security",
-          "sector-energy"
+          "identity-assurance",
+          "sector-telecom",
+          "vc-wallet-trust"
         ]
       },
       {
-        "id": "T0883",
+        "id": "T0855",
         "count": 2,
         "skills": [
           "ot-ics-security",
@@ -2364,8 +2405,9 @@
     "cwe_refs": [
       "CWE-20",
       "CWE-284",
+      "CWE-290",
       "CWE-327",
-      "CWE-672"
+      "CWE-347"
     ],
     "d3fend_refs": [
       "D3-CAA",
@@ -2391,18 +2433,14 @@
       "FCC-Cyber-Incident-Notification-2024",
       "FedRAMP-IL5-IAM-Federated",
       "GSMA-NESAS-Deployment",
-      "ISO-27001-2022-A.5.16-Federated",
       "ISO-27017-Cloud-IAM",
       "ITU-T-X.805",
       "Immutable-Backup-Recovery",
       "Insurance-Carrier-24h-Notification",
       "NIS2-Annex-I-Telecom",
-      "NIS2-Art-21-Federated-Identity",
       "NIST-800-53-AC-2-Cross-Account",
-      "NIST-800-53-IA-5-Federated",
       "NIST-800-53-SI-12",
       "NIST-800-53-SI-2",
-      "NIST-800-63B-rev4",
       "OFAC-SDN-Payment-Block",
       "OFAC-Sanctions-Threat-Actor-Negotiation",
       "OWASP-LLM-Top-10-2025-LLM02",
@@ -2414,6 +2452,7 @@
       "SOC2-CC6-Access-Key-Leak-Public-Repo",
       "SOC2-CC6-OAuth-Consent",
       "SPDX-v3.0-SBOM",
+      "UK-CAF-B2",
       "UK-CAF-B2-Cloud-IAM",
       "UK-CAF-B2-IdP-Tenant",
       "UK-CAF-B5",
@@ -2432,6 +2471,7 @@
       "T1505",
       "T1538",
       "T1548.001",
+      "T1550",
       "T1552",
       "T1552.005",
       "T1556.007",
@@ -2440,6 +2480,7 @@
       "T1566.003",
       "T1568",
       "T1580",
+      "T1606",
       "T1606.002",
       "T1610",
       "T1611"
@@ -2505,7 +2546,6 @@
       "CWE-282",
       "CWE-285",
       "CWE-288",
-      "CWE-290",
       "CWE-305",
       "CWE-310",
       "CWE-312",
@@ -2520,7 +2560,6 @@
       "CWE-338",
       "CWE-340",
       "CWE-346",
-      "CWE-347",
       "CWE-35",
       "CWE-353",
       "CWE-367",
@@ -3324,7 +3363,6 @@
       "SLSA-3",
       "SLSA-v1.0-Source-L3",
       "UK-CAF-A1",
-      "UK-CAF-B2",
       "UK-CAF-B4",
       "UK-CAF-C1",
       "UK-CAF-D1"

package/data/_indexes/handoff-dag.json

@@ -40,6 +40,7 @@
     "supply-chain-integrity",
     "threat-model-currency",
     "threat-modeling-methodology",
+    "vc-wallet-trust",
     "webapp-security",
     "zeroday-gap-learn"
   ],
@@ -513,7 +514,8 @@
       "sector-federal-government",
       "sector-financial",
       "sector-telecom"
-    ]
+    ],
+    "vc-wallet-trust": []
   },
   "in_degree": {
     "age-gates-child-safety": 1,
@@ -556,6 +558,7 @@
     "supply-chain-integrity": 17,
     "threat-model-currency": 6,
     "threat-modeling-methodology": 4,
+    "vc-wallet-trust": 0,
     "webapp-security": 3,
     "zeroday-gap-learn": 8
   },
@@ -600,6 +603,7 @@
     "supply-chain-integrity": 4,
     "threat-model-currency": 5,
     "threat-modeling-methodology": 9,
+    "vc-wallet-trust": 0,
     "webapp-security": 10,
     "zeroday-gap-learn": 6
   }

package/data/_indexes/jurisdiction-map.json

@@ -41,11 +41,12 @@
       "supply-chain-integrity",
       "threat-model-currency",
       "threat-modeling-methodology",
+      "vc-wallet-trust",
       "webapp-security",
       "zeroday-gap-learn"
     ],
     "example_excerpts": {},
-    "skill_count": 42
+    "skill_count": 43
   },
   "UK": {
     "skills": [
@@ -89,11 +90,12 @@
       "supply-chain-integrity",
       "threat-model-currency",
       "threat-modeling-methodology",
+      "vc-wallet-trust",
       "webapp-security",
       "zeroday-gap-learn"
     ],
     "example_excerpts": {},
-    "skill_count": 42
+    "skill_count": 43
   },
   "AU": {
     "skills": [

package/data/_indexes/section-offsets.json

@@ -4297,6 +4297,91 @@
           "h3_count": 0
         }
       ]
+    },
+    "vc-wallet-trust": {
+      "path": "skills/vc-wallet-trust/skill.md",
+      "total_bytes": 7626,
+      "total_lines": 85,
+      "frontmatter": {
+        "line_start": 1,
+        "line_end": 50,
+        "byte_start": 0,
+        "byte_end": 1116
+      },
+      "sections": [
+        {
+          "name": "Threat Context (mid-2026)",
+          "normalized_name": "threat-context",
+          "line": 54,
+          "byte_start": 1174,
+          "byte_end": 2038,
+          "bytes": 864,
+          "h3_count": 0
+        },
+        {
+          "name": "Framework Lag Declaration",
+          "normalized_name": "framework-lag-declaration",
+          "line": 58,
+          "byte_start": 2038,
+          "byte_end": 2824,
+          "bytes": 786,
+          "h3_count": 0
+        },
+        {
+          "name": "TTP Mapping",
+          "normalized_name": "ttp-mapping",
+          "line": 62,
+          "byte_start": 2824,
+          "byte_end": 3664,
+          "bytes": 840,
+          "h3_count": 0
+        },
+        {
+          "name": "Exploit Availability Matrix",
+          "normalized_name": "exploit-availability-matrix",
+          "line": 66,
+          "byte_start": 3664,
+          "byte_end": 4457,
+          "bytes": 793,
+          "h3_count": 0
+        },
+        {
+          "name": "Analysis Procedure",
+          "normalized_name": "analysis-procedure",
+          "line": 70,
+          "byte_start": 4457,
+          "byte_end": 5331,
+          "bytes": 874,
+          "h3_count": 0
+        },
+        {
+          "name": "Output Format",
+          "normalized_name": "output-format",
+          "line": 74,
+          "byte_start": 5331,
+          "byte_end": 6089,
+          "bytes": 758,
+          "h3_count": 0
+        },
+        {
+          "name": "Compliance Theater Check",
+          "normalized_name": "compliance-theater-check",
+          "line": 78,
+          "byte_start": 6089,
+          "byte_end": 6850,
+          "bytes": 761,
+          "h3_count": 0
+        },
+        {
+          "name": "Defensive Countermeasure Mapping",
+          "normalized_name": "defensive-countermeasure-mapping",
+          "line": 82,
+          "byte_start": 6850,
+          "byte_end": 7626,
+          "bytes": 776,
+          "h3_count": 0
+        }
+      ]
     }
   }
 }

package/data/_indexes/stale-content.json

@@ -3,12 +3,19 @@
     "schema_version": "1.0.0",
     "reference_date": "2026-05-15",
     "note": "Stale-content snapshot derived from audit-cross-skill checks. Re-runs of build-indexes against the same inputs produce byte-identical output (reference_date is manifest.threat_review_date, not 'now'). audit-cross-skill.js remains the canonical interactive audit.",
-    "finding_count": 0,
+    "finding_count": 1,
     "by_severity": {
       "high": 0,
-      "medium": 0,
+      "medium": 1,
       "low": 0
     }
   },
-  "findings": []
+  "findings": [
+    {
+      "severity": "medium",
+      "category": "researcher_claim_drift",
+      "artifact": "skills/researcher/skill.md",
+      "detail": "claims 41 specialized skills downstream; live count is 42"
+    }
+  ]
 }

package/data/_indexes/summary-cards.json

@@ -1983,6 +1983,46 @@
         "sector-financial",
         "sector-telecom"
       ]
+    },
+    "vc-wallet-trust": {
+      "description": "Verifiable-credential / digital-wallet verifier trust for mid-2026 — SD-JWT-VC, OID4VCI/OID4VP, mdoc (ISO 18013-5), DID resolution, OAuth Token Status List revocation, OpenID Federation trust anchors, and the EUDI wallet (eIDAS 2.0) acceptance path",
+      "threat_context_excerpt": "A credential verifier is a trust boundary: every verifiable credential it accepts grants whatever the credential asserts — age, residency, employment, professional licence, payment authority. With the EU Digital Identity Wallet (eIDAS 2.0) rolling out and ISO 18013-5 mobile driving licences in production, verifiers across payments, age-gating, and onboarding now accept SD-JWT-VC, OID4VP, and mdoc presentations from wallets they do not control. The dominant abuse is not breaking the cryptography but exploiting a missing trust check: an issuer key the verifier never pinned to an anchor, a ...",
+      "produces": "Report per accepted credential format, listing each trust check as enforced / missing / inconclusive (visibility gap). For every missing check, state the credential types and downstream entitlements it gates, whether the verifier is internet-facing, and the resulting blast radius. Distinguish a production-reachable gap from a test-only resolver. Provide the prioritised remediation (pin issuer anchors, enforce revocation fail-closed, bind presentations to nonce+audience, verify mdoc device-auth, enforce an algorithm allowlist, filter to requested claims) and the negative validation tests that p ...",
+      "key_xrefs": {
+        "cwe_refs": [
+          "CWE-347",
+          "CWE-290",
+          "CWE-863",
+          "CWE-200",
+          "CWE-672"
+        ],
+        "d3fend_refs": [],
+        "framework_gaps": [
+          "NIST-800-63B-rev4",
+          "NIST-800-53-IA-5-Federated",
+          "ISO-27001-2022-A.5.16-Federated",
+          "NIS2-Art-21-Federated-Identity",
+          "UK-CAF-B2"
+        ],
+        "atlas_refs": [],
+        "attack_refs": [
+          "T1556",
+          "T1606",
+          "T1550"
+        ],
+        "rfc_refs": [],
+        "dlp_refs": []
+      },
+      "trigger_count": 18,
+      "atlas_count": 0,
+      "attack_count": 3,
+      "framework_gap_count": 5,
+      "cwe_count": 5,
+      "d3fend_count": 0,
+      "rfc_count": 0,
+      "last_threat_review": "2026-06-02",
+      "path": "skills/vc-wallet-trust/skill.md",
+      "handoff_targets": []
     }
   }
 }

package/data/_indexes/token-budget.json

@@ -3,9 +3,9 @@
     "schema_version": "1.0.0",
     "tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
     "approx_chars_per_token": 4,
-    "total_chars": 1675166,
-    "total_approx_tokens": 418794,
-    "skill_count": 42
+    "total_chars": 1682784,
+    "total_approx_tokens": 420699,
+    "skill_count": 43
   },
   "skills": {
     "kernel-lpe-triage": {
@@ -2502,6 +2502,56 @@
           "approx_tokens": 986
         }
       }
+    },
+    "vc-wallet-trust": {
+      "path": "skills/vc-wallet-trust/skill.md",
+      "bytes": 7626,
+      "chars": 7618,
+      "lines": 85,
+      "approx_tokens": 1905,
+      "approx_chars_per_token": 4,
+      "sections": {
+        "threat-context": {
+          "bytes": 864,
+          "chars": 862,
+          "approx_tokens": 216
+        },
+        "framework-lag-declaration": {
+          "bytes": 786,
+          "chars": 786,
+          "approx_tokens": 197
+        },
+        "ttp-mapping": {
+          "bytes": 840,
+          "chars": 840,
+          "approx_tokens": 210
+        },
+        "exploit-availability-matrix": {
+          "bytes": 793,
+          "chars": 791,
+          "approx_tokens": 198
+        },
+        "analysis-procedure": {
+          "bytes": 874,
+          "chars": 874,
+          "approx_tokens": 219
+        },
+        "output-format": {
+          "bytes": 758,
+          "chars": 758,
+          "approx_tokens": 190
+        },
+        "compliance-theater-check": {
+          "bytes": 761,
+          "chars": 761,
+          "approx_tokens": 190
+        },
+        "defensive-countermeasure-mapping": {
+          "bytes": 776,
+          "chars": 774,
+          "approx_tokens": 194
+        }
+      }
     }
   }
 }