@blamejs/exceptd-skills 0.16.10 → 0.16.12

package/sbom.cdx.json

@@ -1,23 +1,23 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:8bb2d8cc-10a2-40a8-a3e7-67aba4a5fe06",
+  "serialNumber": "urn:uuid:13543406-f1b2-4fad-a45a-c25bfd52c7c0",
   "version": 1,
   "metadata": {
-    "timestamp": "2100-04-09T18:45:32.000Z",
+    "timestamp": "2036-04-11T07:17:26.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.16.10"
+        "version": "0.16.12"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.10",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.12",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.16.10",
-      "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 11 catalogs (427 CVEs / 173 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
+      "version": "0.16.12",
+      "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 44 skills, 11 catalogs (439 CVEs / 174 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
       "licenses": [
         {
           "license": {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.10",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.12",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "6645aae260375bdfd45fef3a154848cb7b71634e0cb8a5063beacce54ed78dc6"
+          "content": "afb482357c7c2294b29c874300c89473a3fa9efb1e63ee223a73a1277e496a57"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.10"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.12"
         },
         {
           "type": "vcs",
@@ -54,7 +54,7 @@
       },
       {
         "name": "exceptd:skill:count",
-        "value": "42"
+        "value": "44"
       },
       {
         "name": "exceptd:integrity:method",
@@ -86,11 +86,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "fdab001b18df6526870f2cb552a2b9ad1afbddc8f6337dd137d72bb3667ec947"
+          "content": "a678ec5b3d67d984a7ace47a2d32315a5139ab3fd2104ee5c4674ec27359c20b"
         },
         {
           "alg": "SHA3-512",
-          "content": "c3f12b8e7acb761b94e3c1f42681ef166c863f3b351dec8681b4143b87a5b914e430772dfaebb72efb3933a2846f7cd8b573903d9c6689f9d4c67a0dd1c25a1f"
+          "content": "7e6938a7d13765dac67c8f1be801ccc2e0d4a3d8be05c1185ae1d75ba84f56e691cfa47377230c11d772ceb3dec21ac3c85dbcda730a0e61a17585d9dbbadb76"
         }
       ]
     },
@@ -116,11 +116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "00756e446fca3d66af2838dee91d30f591e5f8a179c97683eaebe4b3495a27d6"
+          "content": "7f14a514c54a1e07b4387df550ee57155daba3ffad20c5f256769ec6a27a6ceb"
         },
         {
           "alg": "SHA3-512",
-          "content": "ebe3f08786809489c762ec4cc294b9f78124013d44ce82e77c2fb501cd49b0c1692c380881829e4e301a2c786fcbf2edf871d480fd006ef3dc72b0f1f3bfe66a"
+          "content": "2110e331c531aa9fdf64315b2edf910a4111e4a0cf841004f078df6fadde182079320ece4ec48e6540c401c6a9d7def4ffc65ad82015f078929bc3b251e0faea"
         }
       ]
     },
@@ -176,11 +176,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "d7188263d12b82440a9f6c076ae86455bcaea55f628b1549de22b0ad745afa3e"
+          "content": "12a35979ae7e439ffaf58cbadb801ddcdedb8b99d9526ed652243d4c04380829"
         },
         {
           "alg": "SHA3-512",
-          "content": "c637ea0ed8932251bbd55ef044d8140f61a63672e4404fa247b68a81812e88c532af47c8c35c92340ae3ab46b36bdb9fe0423ea65706888682ba4a96a10dde7b"
+          "content": "7fc494b284be899216c55c9506a0fc52f341c6044325db994af5b25d1e9003a66ffe5c96741b19356554e6f819bd920bbd17db9299d9a9e6cca68c91ee834870"
         }
       ]
     },
@@ -281,11 +281,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "b6c45954bc8d5956d9efe91cedf2806873824539547809af1f254879e3fc3a99"
+          "content": "fcbef21c9a6c24523c6c6bcd0ba4166b88cf7f994eb6837362ae9bbdaca0bddd"
         },
         {
           "alg": "SHA3-512",
-          "content": "2541ea2dcfd5336b5f431e7d86158706e6199eb54cf65e0d3e7d84e26a3421867c88dd7b61478e5ec415a9b54b31600fda8495274688e764faeaef0dc9083557"
+          "content": "ecf8dd551df3f4b2b521d51add250837c6e001e19c6f731c059eb73979f4ed66862a4739d7b66116f4c37c97a728e74925a578ae5c583b7ac1e705b51a7ae687"
         }
       ]
     },
@@ -341,11 +341,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "5def8d82bbe51382ec55fc7186722974077e1289194e4ea002df0e3c52c6a017"
+          "content": "bab657546a4b6ae1dea7d2433d96cd48a1fd409f74deffb8b50744c5f3ba76d9"
         },
         {
           "alg": "SHA3-512",
-          "content": "59c7a63a85811aa46842b2a7888998e61983752bc3975ac65b69cf54ebea5a16d4f553690b4c2bc8afadf995d32435cdcbe5b77dc9825de2f7fccf0bb4c02fe7"
+          "content": "d697ddb45624f3f7f1444825ce15117f217124175897b9247cfcd425a610d30c48c0f2db0d4dfe42bc2302e4fc5fbc78ddeb56d63b885c23ba77ad4605d948ac"
         }
       ]
     },
@@ -521,11 +521,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "f601e0354731d59069b2c34e39631b092073a25b2b92c4db9ddb2c231776c955"
+          "content": "ece18e05860fdd763645ca246d076ed2fe7e61d738412c6a69a2ce651cd6c1aa"
         },
         {
           "alg": "SHA3-512",
-          "content": "2bb266b64514534a082ad9daaa29a5ac9a2d058d0a5f2ccc134b1711a9d0349e47db775ec9f17cee8d4f3d3f317c25d7f29e9d86e8ac731e08a9f003dfcf78fa"
+          "content": "f0927574bfc2f0233a617fb93c4ad2cce5287d9a0876ae49f339f646782141f51fd1b452e7e4ec7fd4d6a7bd2d3f5b84012b4051d34a3cd76dea1016cec7886e"
         }
       ]
     },
@@ -566,11 +566,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "62ab09df198bbafba6c488bfc23cf730aec88369e957eba70b4bb228a0019619"
+          "content": "7242ba841addcf2a77a45b9fc2b05452af831bc56ae33edd7ade8f94b3e603b2"
         },
         {
           "alg": "SHA3-512",
-          "content": "e1c532d6911b6b07a704f510e09129306b2becdbc72306d9ad26f218b19561565f2a720889af0d8a0cef5d15ba64525e755684c34452cbb70895e30a49acf297"
+          "content": "6fc89a0ee9ae99518ed7c464a8bcd693ff1067d9a4521706cdde5f84b2c4dc1a2968499263e109bc27e5192e622427fb753418fca916569490083e47a3c196c9"
         }
       ]
     },
@@ -596,11 +596,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "6ae4aa2bf71486c1dede4bae72303f54baa0de51b0b66e89381109d167ff006b"
+          "content": "93603ece19e3d299ba7130f3b69c826646172cdbea0ddf91f4dddb9efcbde53c"
         },
         {
           "alg": "SHA3-512",
-          "content": "704ee26183d72c3119a4c8942b0ad7cc06caafe5317cf284486bad8ce0ffa87a130fc87090442087faac392c19b4d1521ceafec6f0401263d421de1b0aa9585f"
+          "content": "cdc1cd7166e5558588a2173ae6551c73c265c1a693993caa786a8f33921d879c12d456a2f8e2f795af7596cec1ad0b15f94d0cede1d6b197322f8c670a99f506"
         }
       ]
     },
@@ -664,6 +664,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:data/playbooks/mail-server-hardening.json",
+      "type": "file",
+      "name": "data/playbooks/mail-server-hardening.json",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "7fe2cdf5257f84561a4e88553b3274eb6aab20543affa36d29686b7ba1ef2abb"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "e77daa000cb93d3a93604cfa14f6c5f5d0dfdff4f54f5985c74717424e476bb5b550c6a781a79f8847d17a1346e42aeb4ba44b53149889a53fa7d907168fb8f7"
+        }
+      ]
+    },
     {
       "bom-ref": "file:data/playbooks/mcp.json",
       "type": "file",
@@ -746,11 +761,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "7e12255843447356cdfe372c20284fe21316abcaa61275267547ab5f8a7b4abb"
+          "content": "1bca35c4d562eb32bf3893b3e978396fad102bdb9e2a2b28189f8940ff3e7a56"
         },
         {
           "alg": "SHA3-512",
-          "content": "ca10e22d96a1c3ca7a219db54015559650679807294169ada3f8584e43846fa57e2ec77b69b53a574bde6ea5eec51e3f92ad5c4730aba0ae020eb8ebf1b85dc6"
+          "content": "239148333b803245899425506b76255cfd0327bda7e0339905c62d599f59ede8cfacc37e4f75cecf5c0a8dc9f3122ce010d4bc1b409928bc1198e7e634ba545d"
         }
       ]
     },
@@ -769,6 +784,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:data/playbooks/vc-wallet-trust.json",
+      "type": "file",
+      "name": "data/playbooks/vc-wallet-trust.json",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "67663610d7fe7fd711dc6dc3a5f6963654263b5f979009faf44e5c60e1135431"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "af609c3248471f5a75cb70f79ffc14042ab8456d78aba70dea4fab7e2ac7a17f42a9997f309db796a372a0fb70a2b6cd6798a13c6c51ced89c5f182c4f1fd0d7"
+        }
+      ]
+    },
     {
       "bom-ref": "file:data/playbooks/webhook-callback-abuse.json",
       "type": "file",
@@ -1721,11 +1751,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "f9823302d0ebe26ddd017b2cee3e01d2fa3e9803c34b49014574fe009c962a6d"
+          "content": "9eeb36ea9d3971a2ace0626c302df3169ac8bd76052eb05aa5bfee499c067465"
         },
         {
           "alg": "SHA3-512",
-          "content": "6122021e2df34e9e554db364cbdf5a2ee964180fcd5dffc02a67c86933072824ffb562d8e300d89e965d0688b06a81089a00494f9a0a757f01afe05001481a8f"
+          "content": "027cba2f1a06f76c9f4fc9fe41da94c072b9d8e3d7700329b9a63cdbea42f2ac335afc40c1a93244590941751bb0253d3e784c5af6c68f65326038b38746433c"
         }
       ]
     },
@@ -1736,11 +1766,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "d207390e8899078b09143fdf8d6642a8e0589533fc043fabf0db57f24ff39e81"
+          "content": "bf05ddf62759f654c02d2564e158a625fdc80cd6b738478dd78de8f93160b48b"
         },
         {
           "alg": "SHA3-512",
-          "content": "91091870ab10f0d31db9ad572089b1496530ed561e6de173ad806d368a939da787386bddf20da5a7b50db79288a185afbef597af38d775438546151c835f1267"
+          "content": "2d5f2db9aa837306e6d01c5f7bc9157ed7b5df5e5bbb38cbf114c18944385805ceecb2b3900121737a4e14c593be34c26fd9c9689b91a4b61b9e0dec88528e82"
         }
       ]
     },
@@ -1751,11 +1781,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "b2f7ad163ce22cedc2a990633761b25d3f436012c20dc162739959f92220161f"
+          "content": "34034540b65202f0d1f1db35378e311d06086d45b00ebb9f6481bcd916c3df0a"
         },
         {
           "alg": "SHA3-512",
-          "content": "342cee9e227424456314cbbdf150ee9a4077ea00d2ae87d58e5301d80492af5cf7f38f1d0aa7f66751c77e7345ddefb40bb5f2ba58921d665985654dce7cfa0c"
+          "content": "e73f9a735b0b672f7bc31d9cf5492cd5bd69c33ccb7c1fb4b22f5ce69594f5512d19c1ffa548e6a014b49a6da00872449d40fd7ca77da25e46ac0ff6f0158de7"
         }
       ]
     },
@@ -2884,6 +2914,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:skills/mail-server-hardening/skill.md",
+      "type": "file",
+      "name": "skills/mail-server-hardening/skill.md",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "0554e23457851ac1cdb3b8217fae902789798db1bbc67c5f4cf1df6fd265cf15"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "d5768c68a3479cd0f8f9b9aad60422805fb03e3de022829f7a4f6794c8d6d0a78daaf36f7f72c840add8021d2299d5133310268f671b04db1df9040d4e1af1e9"
+        }
+      ]
+    },
     {
       "bom-ref": "file:skills/mcp-agent-trust/skill.md",
       "type": "file",
@@ -3154,6 +3199,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:skills/vc-wallet-trust/skill.md",
+      "type": "file",
+      "name": "skills/vc-wallet-trust/skill.md",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "802dada75d934c9ab322246f650eb2eac9e2f72c1f094b0cebcfa605b56108a5"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "bce19482404831b9706509aace15cf36c6a6d10028a26b7d232b4f359a7d7ade3e3fbeac015ed32af4e5ab4410ec4f5c12f1635bd1f2b8687f9ed3d8c5fdd587"
+        }
+      ]
+    },
     {
       "bom-ref": "file:skills/webapp-security/skill.md",
       "type": "file",

package/skills/mail-server-hardening/skill.md

@@ -0,0 +1,84 @@
+---
+name: mail-server-hardening
+version: "1.0.0"
+description: Inbound mail-server protocol hardening for mid-2026 — SMTP smuggling, STARTTLS command/response injection, IMAP/POP3/ManageSieve command injection, Sieve redirect exfiltration, open relay, mailbox-DAV traversal/XXE, and cleartext-AUTH (the server-side protocol layer that SPF/DKIM/DMARC do not protect)
+triggers:
+  - mail server hardening
+  - smtp smuggling
+  - starttls injection
+  - open relay
+  - imap command injection
+  - managesieve
+  - sieve redirect
+  - mailbox dav
+  - caldav
+  - carddav
+  - pop3
+  - mx hardening
+  - rfc 5321
+  - rfc 9051
+  - rfc 5804
+  - mail protocol
+  - inbound mail
+  - smtp listener
+discovery_mode: standalone
+data_deps:
+  - cve-catalog.json
+  - atlas-ttps.json
+  - attack-techniques.json
+  - framework-control-gaps.json
+  - cwe-catalog.json
+  - rfc-references.json
+atlas_refs: []
+attack_refs:
+  - T1190
+  - T1071.003
+  - T1557
+framework_gaps:
+  - NIST-800-53-SI-2
+  - ISO-27001-2022-A.8.8
+  - NIS2-Art21-network-security
+  - PCI-DSS-4.0-6.3.3
+cwe_refs:
+  - CWE-77
+  - CWE-93
+  - CWE-22
+  - CWE-611
+  - CWE-863
+  - CWE-400
+last_threat_review: "2026-06-02"
+---
+
+# Inbound Mail-Server Protocol Hardening
+
+## Threat Context (mid-2026)
+
+A mail server that terminates inbound SMTP, IMAP, POP3, JMAP, or ManageSieve exposes a protocol surface that sender-authentication (SPF/DKIM/DMARC) and transport TLS do not protect. SMTP smuggling (CVE-2023-51764/51765/51766) exploits a server that accepts a non-standard end-of-data sequence to deliver a second message that inherits the outer connection's authentication pass — spoofed mail past DMARC. STARTTLS command/response injection (CVE-2021-38371, CVE-2021-33515) executes attacker plaintext buffered before the handshake. An open relay lends the operator's reputation to spammers. Uncapped Sieve `redirect` is a silent mail-exfiltration primitive. Mailbox-DAV (CalDAV/CardDAV) endpoints add path-traversal and XXE. Each is a configuration or parser-hardening gap, not a CVE to patch.
+
+## Framework Lag Declaration
+
+Organisational mail controls center on sender authentication and transport encryption: SPF, DKIM, DMARC, and a TLS certificate. None prescribe the server-side protocol hardening this skill audits. NIST 800-53 SI-2 expects flaw remediation via a patch cadence, but the smuggling and STARTTLS-injection fixes are configuration (strict end-of-data handling, receive-buffer drain) the patch process never surfaces. NIS2 Art.21 names network security of essential services but assumes SPF/DKIM/DMARC and TLS suffice — they are bypassed at the protocol layer. A clean DMARC + TLS audit is therefore NON-EVIDENCE for inbound protocol hardening; the two address different boundaries.
+
+## TTP Mapping
+
+The inbound mail-protocol failures map to MITRE ATT&CK: **T1190 (Exploit Public-Facing Application)** for command-literal injection in the IMAP/POP3/ManageSieve parsers and mailbox-DAV traversal/XXE; **T1071.003 (Application Layer Protocol: Mail Protocols)** for SMTP smuggling delivering spoofed mail and open-relay abuse; and **T1557 (Adversary-in-the-Middle)** for STARTTLS receive-buffer injection that crosses the TLS boundary. Cleartext AUTH before STARTTLS enables **T1040 (Network Sniffing)**; absent auth rate limiting enables **T1110 (Brute Force)**; uncapped Sieve redirect enables **T1114 (Email Collection)**. The weakness classes are CWE-93 (CRLF/smuggling), CWE-77 (command injection), CWE-22 (path traversal), CWE-611 (XXE), CWE-863 (open-relay authorization), and CWE-400 (uncapped Sieve/PUTSCRIPT resource use).
+
+## Exploit Availability Matrix
+
+These are protocol-posture gaps, so weaponisation is low-cost and reusable. SMTP smuggling has public tooling (SEC Consult, December 2023) and the CVE-2023-51764/51765/51766 entries are catalogued. STARTTLS injection has public test tooling from the 2021 "NO STARTTLS" research (CVE-2021-38371, CVE-2021-33515). Open-relay testing requires only an unauthenticated MAIL FROM + RCPT TO probe. Command-literal injection and mailbox-DAV traversal require only a crafted protocol line. None need a novel exploit; the exploit is the absence of the check. Real-world priority is driven by internet-reachability of the listener and whether the gap yields spoofing/relay (reputation + phishing delivery) or mailbox-data exposure.
+
+## Analysis Procedure
+
+1. Inventory every inbound mail listener and its port (implicit-TLS 465/993/995 vs opportunistic-STARTTLS 25/587/143/110/4190). 2. Probe SMTP for non-standard end-of-data acceptance (smuggling) and unauthenticated relay. 3. Probe each opportunistic-STARTTLS listener for an undrained pre-handshake buffer and for AUTH offered before TLS. 4. Inspect the IMAP/POP3 parsers for bare-CR/LF acceptance and the ManageSieve listener for unbounded PUTSCRIPT and cleartext AUTH. 5. Inspect the Sieve engine for an uncapped `redirect` and the mailbox-DAV endpoint for traversal + XXE. 6. Confirm auth rate limiting / greylisting is active. Run the `mail-server-hardening` playbook to execute these as detect indicators with false-positive checks, then score by reachability and impact class.
+
+## Output Format
+
+Report per listener and protocol, marking each hardening check enforced / missing / inconclusive (visibility gap). For every missing check, state the port, whether it is internet-facing, and whether the gap yields spoofing/relay or mailbox-data exposure. Distinguish a live-listener finding from a documented test fixture or an upstream-proxy-enforced control. Provide the prioritised remediation (enforce standard end-of-data, drain the STARTTLS buffer and gate AUTH on TLS, harden the command parsers, restrict relay and cap Sieve redirect, harden mailbox-DAV and add rate limits) and the negative validation tests that prove each fix (smuggling rejected, relay rejected, STARTTLS injection rejected) plus the functional test that legitimate mail still flows.
+
+## Compliance Theater Check
+
+The recurring theater is "we have SPF/DKIM/DMARC and TLS, so our mail server is secure" and "relay is restricted in our config." Sender authentication and transport TLS protect different boundaries than the inbound protocol parser; a config flag is not evidence the listener enforces it. The distinguishing test: probe the live inbound listener for non-standard end-of-data acceptance, an undrained STARTTLS buffer, unauthenticated relay, and cleartext AUTH. If any probe succeeds, the DMARC record and TLS certificate did not protect the protocol layer, and the assurance is paper. "Relay is restricted" is theater until an unauthenticated RCPT-to-external probe is actually refused.
+
+## Defensive Countermeasure Mapping
+
+Map findings to MITRE D3FEND: strict end-of-data enforcement and command-parser hardening realise Message Authentication and Inbound Traffic Filtering (countering T1071.003/T1190); STARTTLS receive-buffer draining and AUTH-after-TLS gating realise Transport Session Integrity (countering T1557/T1040); relay authorization realises Outbound Traffic Filtering (countering open-relay reputation abuse); Sieve redirect caps realise Email Filtering (countering T1114 exfiltration). Pair the protocol hardening with auth rate limiting and greylisting (countering T1110). The residual risk after hardening is a compromised authenticated account acting within its own authorization, which protocol hardening does not address — accept it at the CISO level with identity-control compensation.

package/skills/vc-wallet-trust/skill.md

@@ -0,0 +1,84 @@
+---
+name: vc-wallet-trust
+version: "1.0.0"
+description: Verifiable-credential / digital-wallet verifier trust for mid-2026 — SD-JWT-VC, OID4VCI/OID4VP, mdoc (ISO 18013-5), DID resolution, OAuth Token Status List revocation, OpenID Federation trust anchors, and the EUDI wallet (eIDAS 2.0) acceptance path
+triggers:
+  - verifiable credential
+  - digital wallet
+  - sd-jwt-vc
+  - oid4vp
+  - oid4vci
+  - mdoc
+  - mdl
+  - iso 18013-5
+  - eudi wallet
+  - eidas 2.0
+  - did:web
+  - status list
+  - credential revocation
+  - openid federation
+  - trust anchor
+  - credential verifier
+  - presentation exchange
+  - dcql
+discovery_mode: standalone
+data_deps:
+  - cve-catalog.json
+  - atlas-ttps.json
+  - attack-techniques.json
+  - framework-control-gaps.json
+  - cwe-catalog.json
+  - rfc-references.json
+atlas_refs: []
+attack_refs:
+  - T1556
+  - T1606
+  - T1550
+framework_gaps:
+  - NIST-800-63B-rev4
+  - NIST-800-53-IA-5-Federated
+  - ISO-27001-2022-A.5.16-Federated
+  - NIS2-Art-21-Federated-Identity
+  - UK-CAF-B2
+cwe_refs:
+  - CWE-347
+  - CWE-290
+  - CWE-863
+  - CWE-200
+  - CWE-672
+last_threat_review: "2026-06-02"
+---
+
+# Verifiable-Credential / Digital-Wallet Verifier Trust
+
+## Threat Context (mid-2026)
+
+A credential verifier is a trust boundary: every verifiable credential it accepts grants whatever the credential asserts — age, residency, employment, professional licence, payment authority. With the EU Digital Identity Wallet (eIDAS 2.0) rolling out and ISO 18013-5 mobile driving licences in production, verifiers across payments, age-gating, and onboarding now accept SD-JWT-VC, OID4VP, and mdoc presentations from wallets they do not control. The dominant abuse is not breaking the cryptography but exploiting a missing trust check: an issuer key the verifier never pinned to an anchor, a revocation status it never read, a presentation it never bound to a fresh challenge, or a device signature it never verified. Each lets an attacker present a forged, revoked, or replayed credential that the verifier treats as authentic.
+
+## Framework Lag Declaration
+
+Organisational identity controls were written for service-to-service and human-credential authentication and are silent on the verifiable-credential acceptance path. NIST 800-53 IA-9 (service identification) and IA-5 (authenticator management) do not require credential issuer trust-anchor pinning or presentation replay-binding. ISO 27001:2022 A.5.16 governs the lifecycle of internal identities, not the trust model for externally-issued credentials a verifier accepts. NIS2 Art.21 names supply-chain trust of entities but not the cryptographic anchor model for the credentials those entities present. A clean identity-control audit is therefore NON-EVIDENCE for verifier trust posture; the controls predate the wallet ecosystem and do not exercise it.
+
+## TTP Mapping
+
+The verifier-trust failure modes map to MITRE ATT&CK: **T1606 (Forge Web Credentials)** for accepting a credential from an unanchored or algorithm-substituted issuer key; **T1556 (Modify Authentication Process)** for trusting an unpinned did:web document, an unverified key attestation, or an unanchored federation chain; and **T1550 (Use Alternate Authentication Material)** for replaying a presentation that lacks nonce/audience binding, replaying issuer-signed mdoc data without device-auth, or presenting a revoked credential whose status was never checked. The weakness classes are CWE-347 (improper signature verification), CWE-290 (authentication bypass by spoofing), CWE-672 (operation on a resource after expiration/revocation), CWE-863 (incorrect authorization), and CWE-200 (over-disclosure of personal claims).
+
+## Exploit Availability Matrix
+
+These are configuration and code-posture gaps, not single-CVE exploits, so weaponisation cost is low and reusable. Forging an unanchored issuer requires only standing up an OID4VCI issuer or serving a crafted did:web document — commodity tooling. Replaying an unbound presentation requires capturing one valid presentation and resubmitting it. Presenting a revoked credential requires nothing beyond holding a credential whose authorisation was withdrawn. Algorithm-substitution requires the verifier library to accept an unexpected alg. None require a published CVE; the exploit is the absence of the check. Real-world priority is driven by reachability (internet-facing verifier) and the value of the entitlement the credential gates, not by a CVSS score.
+
+## Analysis Procedure
+
+1. Inventory every service that ACCEPTS credentials (issuer-only services are out of scope for the verifier checks). 2. For each accepted format (SD-JWT-VC, OID4VP, mdoc, DID-identified), read the verifier accept-path and answer: is the issuer key validated against a pinned trust anchor or issuer allowlist? 3. Is the revocation / status-list resolved and enforced fail-closed? 4. Are presentations bound to a fresh verifier-issued nonce and audience (key-binding required, device-auth verified for mdoc)? 5. Is an explicit signature-algorithm allowlist enforced with "none" and unexpected symmetric algorithms refused? 6. Are disclosed claims filtered to the requested query (no over-disclosure)? Run the `vc-wallet-trust` playbook to execute these as detect indicators with false-positive checks, then score by reachability and entitlement value.
+
+## Output Format
+
+Report per accepted credential format, listing each trust check as enforced / missing / inconclusive (visibility gap). For every missing check, state the credential types and downstream entitlements it gates, whether the verifier is internet-facing, and the resulting blast radius. Distinguish a production-reachable gap from a test-only resolver. Provide the prioritised remediation (pin issuer anchors, enforce revocation fail-closed, bind presentations to nonce+audience, verify mdoc device-auth, enforce an algorithm allowlist, filter to requested claims) and the negative validation tests that prove each fix (forged-issuer rejected, revoked rejected, replayed rejected) plus the positive test that the legitimate path still accepts.
+
+## Compliance Theater Check
+
+The recurring theater is "we accept a certified wallet, so acceptance is trustworthy" and "the signature verified, so the credential is trusted." Wallet certification covers the wallet, not the verifier; a valid signature only proves some key signed the credential, not that the issuer is authentic. The distinguishing test: ask for the verifier's trust-anchor / issuer-allowlist configuration, the revocation check on the accept path, and the presentation nonce/audience binding. If acceptance succeeds against an unpinned issuer key, a never-read status list, or an unbound presentation, the assurance is paper. "Our credentials support a status list" is theater unless the verifier accept-path actually fetches and enforces it.
+
+## Defensive Countermeasure Mapping
+
+Map findings to MITRE D3FEND: trust-anchor pinning and issuer-allowlist validation realise Credential Hardening and Certificate Pinning (countering T1606/T1556); presentation nonce/audience binding and mdoc device-auth verification realise Authentication Event Thresholding and Message Authentication (countering T1550 replay); fail-closed revocation enforcement realises Credential Revoking. Pair the verifier checks with issuer key-rotation monitoring and a fast anchor-revocation path so a compromised-but-trusted issuer can be removed quickly. The residual risk after pinning is a trusted issuer's own key compromise, which trust-anchor pinning does not address — accept it at the CISO level with compensating issuer-key monitoring.