@blamejs/exceptd-skills 0.16.11 → 0.16.12

package/data/_indexes/currency.json

@@ -6,7 +6,7 @@
     "decay_formula": "100 base; -30/-20/-10/-5 at 180/90/60/30-day thresholds. forward_watch count does NOT affect the score (it's a maintenance signal, not a staleness one). Label thresholds: ≥90 current, ≥70 acceptable, ≥50 stale, <50 critical_stale."
   },
   "summary": {
-    "current": 43,
+    "current": 44,
     "acceptable": 0,
     "stale": 0,
     "critical_stale": 0,
@@ -211,6 +211,15 @@
       "forward_watch_count": 4,
       "action_required": false
     },
+    {
+      "skill": "mail-server-hardening",
+      "last_threat_review": "2026-06-02",
+      "days_since_review": -18,
+      "currency_score": 100,
+      "currency_label": "current",
+      "forward_watch_count": 0,
+      "action_required": false
+    },
     {
       "skill": "mcp-agent-trust",
       "last_threat_review": "2026-05-17",

package/data/_indexes/frequency.json

@@ -78,10 +78,11 @@
         ]
       },
       "CWE-22": {
-        "count": 4,
+        "count": 5,
         "skills": [
           "api-security",
           "attack-surface-pentest",
+          "mail-server-hardening",
           "mcp-agent-trust",
           "webapp-security"
         ]
@@ -119,9 +120,10 @@
         ]
       },
       "CWE-77": {
-        "count": 3,
+        "count": 4,
         "skills": [
           "api-security",
+          "mail-server-hardening",
           "mcp-agent-trust",
           "webapp-security"
         ]
@@ -302,12 +304,13 @@
         ]
       },
       "CWE-863": {
-        "count": 7,
+        "count": 8,
         "skills": [
           "api-security",
           "cloud-iam-incident",
           "identity-assurance",
           "idp-incident-response",
+          "mail-server-hardening",
           "sector-financial",
           "vc-wallet-trust",
           "webapp-security"
@@ -344,6 +347,24 @@
         "skills": [
           "vc-wallet-trust"
         ]
+      },
+      "CWE-93": {
+        "count": 1,
+        "skills": [
+          "mail-server-hardening"
+        ]
+      },
+      "CWE-611": {
+        "count": 1,
+        "skills": [
+          "mail-server-hardening"
+        ]
+      },
+      "CWE-400": {
+        "count": 1,
+        "skills": [
+          "mail-server-hardening"
+        ]
       }
     },
     "d3fend_refs": {
@@ -529,22 +550,25 @@
     },
     "framework_gaps": {
       "NIST-800-53-SI-2": {
-        "count": 1,
+        "count": 2,
         "skills": [
-          "kernel-lpe-triage"
+          "kernel-lpe-triage",
+          "mail-server-hardening"
         ]
       },
       "ISO-27001-2022-A.8.8": {
-        "count": 2,
+        "count": 3,
         "skills": [
           "coordinated-vuln-disclosure",
-          "kernel-lpe-triage"
+          "kernel-lpe-triage",
+          "mail-server-hardening"
         ]
       },
       "PCI-DSS-4.0-6.3.3": {
-        "count": 1,
+        "count": 2,
         "skills": [
-          "kernel-lpe-triage"
+          "kernel-lpe-triage",
+          "mail-server-hardening"
         ]
       },
       "NIS2-Art21-patch-management": {
@@ -1094,6 +1118,12 @@
         "skills": [
           "vc-wallet-trust"
         ]
+      },
+      "NIS2-Art21-network-security": {
+        "count": 1,
+        "skills": [
+          "mail-server-hardening"
+        ]
       }
     },
     "atlas_refs": {
@@ -1232,7 +1262,7 @@
         ]
       },
       "T1190": {
-        "count": 13,
+        "count": 14,
         "skills": [
           "ai-attack-surface",
           "api-security",
@@ -1240,6 +1270,7 @@
           "cloud-security",
           "container-runtime-security",
           "fuzz-testing-strategy",
+          "mail-server-hardening",
           "mcp-agent-trust",
           "ot-ics-security",
           "sector-energy",
@@ -1500,6 +1531,18 @@
         "skills": [
           "vc-wallet-trust"
         ]
+      },
+      "T1071.003": {
+        "count": 1,
+        "skills": [
+          "mail-server-hardening"
+        ]
+      },
+      "T1557": {
+        "count": 1,
+        "skills": [
+          "mail-server-hardening"
+        ]
       }
     },
     "rfc_refs": {
@@ -1709,6 +1752,20 @@
           "webapp-security"
         ]
       },
+      {
+        "id": "CWE-863",
+        "count": 8,
+        "skills": [
+          "api-security",
+          "cloud-iam-incident",
+          "identity-assurance",
+          "idp-incident-response",
+          "mail-server-hardening",
+          "sector-financial",
+          "vc-wallet-trust",
+          "webapp-security"
+        ]
+      },
       {
         "id": "CWE-200",
         "count": 7,
@@ -1748,19 +1805,6 @@
           "webapp-security"
         ]
       },
-      {
-        "id": "CWE-863",
-        "count": 7,
-        "skills": [
-          "api-security",
-          "cloud-iam-incident",
-          "identity-assurance",
-          "idp-incident-response",
-          "sector-financial",
-          "vc-wallet-trust",
-          "webapp-security"
-        ]
-      },
       {
         "id": "CWE-1188",
         "count": 6,
@@ -2167,41 +2211,42 @@
     ],
     "attack_refs": [
       {
-        "id": "T1078",
-        "count": 13,
+        "id": "T1190",
+        "count": 14,
         "skills": [
-          "age-gates-child-safety",
+          "ai-attack-surface",
           "api-security",
           "attack-surface-pentest",
-          "cloud-iam-incident",
           "cloud-security",
-          "email-security-anti-phishing",
-          "identity-assurance",
-          "incident-response-playbook",
-          "ransomware-response",
+          "container-runtime-security",
+          "fuzz-testing-strategy",
+          "mail-server-hardening",
+          "mcp-agent-trust",
+          "ot-ics-security",
           "sector-energy",
+          "sector-federal-government",
           "sector-financial",
-          "sector-healthcare",
-          "sector-telecom"
+          "sector-telecom",
+          "webapp-security"
         ]
       },
       {
-        "id": "T1190",
+        "id": "T1078",
         "count": 13,
         "skills": [
-          "ai-attack-surface",
+          "age-gates-child-safety",
           "api-security",
           "attack-surface-pentest",
+          "cloud-iam-incident",
           "cloud-security",
-          "container-runtime-security",
-          "fuzz-testing-strategy",
-          "mcp-agent-trust",
-          "ot-ics-security",
+          "email-security-anti-phishing",
+          "identity-assurance",
+          "incident-response-playbook",
+          "ransomware-response",
           "sector-energy",
-          "sector-federal-government",
           "sector-financial",
-          "sector-telecom",
-          "webapp-security"
+          "sector-healthcare",
+          "sector-telecom"
         ]
       },
       {
@@ -2407,7 +2452,10 @@
       "CWE-284",
       "CWE-290",
       "CWE-327",
-      "CWE-347"
+      "CWE-347",
+      "CWE-400",
+      "CWE-611",
+      "CWE-93"
     ],
     "d3fend_refs": [
       "D3-CAA",
@@ -2438,15 +2486,14 @@
       "Immutable-Backup-Recovery",
       "Insurance-Carrier-24h-Notification",
       "NIS2-Annex-I-Telecom",
+      "NIS2-Art21-network-security",
       "NIST-800-53-AC-2-Cross-Account",
       "NIST-800-53-SI-12",
-      "NIST-800-53-SI-2",
       "OFAC-SDN-Payment-Block",
       "OFAC-Sanctions-Threat-Actor-Negotiation",
       "OWASP-LLM-Top-10-2025-LLM02",
       "OWASP-LLM-Top-10-2025-LLM06",
       "OWASP-Pen-Testing-Guide-v5",
-      "PCI-DSS-4.0-6.3.3",
       "PHI-Exfil-Before-Encrypt-Breach-Class",
       "PTES-Pre-engagement",
       "SOC2-CC6-Access-Key-Leak-Public-Repo",
@@ -2462,6 +2509,7 @@
       "AML.T0040"
     ],
     "attack_refs": [
+      "T1071.003",
       "T1098",
       "T1102",
       "T1110",
@@ -2475,6 +2523,7 @@
       "T1552",
       "T1552.005",
       "T1556.007",
+      "T1557",
       "T1566.001",
       "T1566.002",
       "T1566.003",
@@ -2567,7 +2616,6 @@
       "CWE-384",
       "CWE-385",
       "CWE-399",
-      "CWE-400",
       "CWE-420",
       "CWE-426",
       "CWE-427",
@@ -2593,7 +2641,6 @@
       "CWE-566",
       "CWE-59",
       "CWE-601",
-      "CWE-611",
       "CWE-613",
       "CWE-614",
       "CWE-639",
@@ -2634,7 +2681,6 @@
       "CWE-917",
       "CWE-922",
       "CWE-924",
-      "CWE-93",
       "CWE-940",
       "CWE-941",
       "CWE-942",
@@ -3311,7 +3357,6 @@
       "NIS2-Art21-business-continuity",
       "NIS2-Art21-identity-management",
       "NIS2-Art21-incident-handling",
-      "NIS2-Art21-network-security",
       "NIS2-Art21-supply-chain",
       "NIS2-Art21-vulnerability-handling",
       "NIS2-Art21-vulnerability-management",

package/data/_indexes/handoff-dag.json

@@ -22,6 +22,7 @@
     "idp-incident-response",
     "incident-response-playbook",
     "kernel-lpe-triage",
+    "mail-server-hardening",
     "mcp-agent-trust",
     "mlops-security",
     "ot-ics-security",
@@ -515,7 +516,8 @@
       "sector-financial",
       "sector-telecom"
     ],
-    "vc-wallet-trust": []
+    "vc-wallet-trust": [],
+    "mail-server-hardening": []
   },
   "in_degree": {
     "age-gates-child-safety": 1,
@@ -540,6 +542,7 @@
     "idp-incident-response": 2,
     "incident-response-playbook": 18,
     "kernel-lpe-triage": 12,
+    "mail-server-hardening": 0,
     "mcp-agent-trust": 22,
     "mlops-security": 6,
     "ot-ics-security": 4,
@@ -585,6 +588,7 @@
     "idp-incident-response": 12,
     "incident-response-playbook": 20,
     "kernel-lpe-triage": 6,
+    "mail-server-hardening": 0,
     "mcp-agent-trust": 7,
     "mlops-security": 10,
     "ot-ics-security": 14,

package/data/_indexes/jurisdiction-map.json

@@ -23,6 +23,7 @@
       "idp-incident-response",
       "incident-response-playbook",
       "kernel-lpe-triage",
+      "mail-server-hardening",
       "mcp-agent-trust",
       "mlops-security",
       "ot-ics-security",
@@ -46,7 +47,7 @@
       "zeroday-gap-learn"
     ],
     "example_excerpts": {},
-    "skill_count": 43
+    "skill_count": 44
   },
   "UK": {
     "skills": [
@@ -499,11 +500,12 @@
   },
   "NO": {
     "skills": [
+      "mail-server-hardening",
       "sector-energy",
       "skill-update-loop"
     ],
     "example_excerpts": {},
-    "skill_count": 2
+    "skill_count": 3
   },
   "MX": {
     "skills": [

package/data/_indexes/section-offsets.json

@@ -4382,6 +4382,91 @@
           "h3_count": 0
         }
       ]
+    },
+    "mail-server-hardening": {
+      "path": "skills/mail-server-hardening/skill.md",
+      "total_bytes": 7461,
+      "total_lines": 85,
+      "frontmatter": {
+        "line_start": 1,
+        "line_end": 50,
+        "byte_start": 0,
+        "byte_end": 1156
+      },
+      "sections": [
+        {
+          "name": "Threat Context (mid-2026)",
+          "normalized_name": "threat-context",
+          "line": 54,
+          "byte_start": 1199,
+          "byte_end": 2027,
+          "bytes": 828,
+          "h3_count": 0
+        },
+        {
+          "name": "Framework Lag Declaration",
+          "normalized_name": "framework-lag-declaration",
+          "line": 58,
+          "byte_start": 2027,
+          "byte_end": 2736,
+          "bytes": 709,
+          "h3_count": 0
+        },
+        {
+          "name": "TTP Mapping",
+          "normalized_name": "ttp-mapping",
+          "line": 62,
+          "byte_start": 2736,
+          "byte_end": 3583,
+          "bytes": 847,
+          "h3_count": 0
+        },
+        {
+          "name": "Exploit Availability Matrix",
+          "normalized_name": "exploit-availability-matrix",
+          "line": 66,
+          "byte_start": 3583,
+          "byte_end": 4337,
+          "bytes": 754,
+          "h3_count": 0
+        },
+        {
+          "name": "Analysis Procedure",
+          "normalized_name": "analysis-procedure",
+          "line": 70,
+          "byte_start": 4337,
+          "byte_end": 5143,
+          "bytes": 806,
+          "h3_count": 0
+        },
+        {
+          "name": "Output Format",
+          "normalized_name": "output-format",
+          "line": 74,
+          "byte_start": 5143,
+          "byte_end": 5924,
+          "bytes": 781,
+          "h3_count": 0
+        },
+        {
+          "name": "Compliance Theater Check",
+          "normalized_name": "compliance-theater-check",
+          "line": 78,
+          "byte_start": 5924,
+          "byte_end": 6639,
+          "bytes": 715,
+          "h3_count": 0
+        },
+        {
+          "name": "Defensive Countermeasure Mapping",
+          "normalized_name": "defensive-countermeasure-mapping",
+          "line": 82,
+          "byte_start": 6639,
+          "byte_end": 7461,
+          "bytes": 822,
+          "h3_count": 0
+        }
+      ]
     }
   }
 }

package/data/_indexes/stale-content.json

@@ -15,7 +15,7 @@
       "severity": "medium",
       "category": "researcher_claim_drift",
       "artifact": "skills/researcher/skill.md",
-      "detail": "claims 41 specialized skills downstream; live count is 42"
+      "detail": "claims 41 specialized skills downstream; live count is 43"
     }
   ]
 }

package/data/_indexes/summary-cards.json

@@ -2023,6 +2023,46 @@
       "last_threat_review": "2026-06-02",
       "path": "skills/vc-wallet-trust/skill.md",
       "handoff_targets": []
+    },
+    "mail-server-hardening": {
+      "description": "Inbound mail-server protocol hardening for mid-2026 — SMTP smuggling, STARTTLS command/response injection, IMAP/POP3/ManageSieve command injection, Sieve redirect exfiltration, open relay, mailbox-DAV traversal/XXE, and cleartext-AUTH (the server-side protocol layer that SPF/DKIM/DMARC do not protect)",
+      "threat_context_excerpt": "A mail server that terminates inbound SMTP, IMAP, POP3, JMAP, or ManageSieve exposes a protocol surface that sender-authentication (SPF/DKIM/DMARC) and transport TLS do not protect. SMTP smuggling (CVE-2023-51764/51765/51766) exploits a server that accepts a non-standard end-of-data sequence to deliver a second message that inherits the outer connection's authentication pass — spoofed mail past DMARC. STARTTLS command/response injection (CVE-2021-38371, CVE-2021-33515) executes attacker plaintext buffered before the handshake. An open relay lends the operator's reputation to spammers. ...",
+      "produces": "Report per listener and protocol, marking each hardening check enforced / missing / inconclusive (visibility gap). For every missing check, state the port, whether it is internet-facing, and whether the gap yields spoofing/relay or mailbox-data exposure. Distinguish a live-listener finding from a documented test fixture or an upstream-proxy-enforced control. Provide the prioritised remediation (enforce standard end-of-data, drain the STARTTLS buffer and gate AUTH on TLS, harden the command parsers, restrict relay and cap Sieve redirect, harden mailbox-DAV and add rate limits) and the negative  ...",
+      "key_xrefs": {
+        "cwe_refs": [
+          "CWE-77",
+          "CWE-93",
+          "CWE-22",
+          "CWE-611",
+          "CWE-863",
+          "CWE-400"
+        ],
+        "d3fend_refs": [],
+        "framework_gaps": [
+          "NIST-800-53-SI-2",
+          "ISO-27001-2022-A.8.8",
+          "NIS2-Art21-network-security",
+          "PCI-DSS-4.0-6.3.3"
+        ],
+        "atlas_refs": [],
+        "attack_refs": [
+          "T1190",
+          "T1071.003",
+          "T1557"
+        ],
+        "rfc_refs": [],
+        "dlp_refs": []
+      },
+      "trigger_count": 18,
+      "atlas_count": 0,
+      "attack_count": 3,
+      "framework_gap_count": 4,
+      "cwe_count": 6,
+      "d3fend_count": 0,
+      "rfc_count": 0,
+      "last_threat_review": "2026-06-02",
+      "path": "skills/mail-server-hardening/skill.md",
+      "handoff_targets": []
     }
   }
 }

package/data/_indexes/token-budget.json

@@ -3,9 +3,9 @@
     "schema_version": "1.0.0",
     "tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
     "approx_chars_per_token": 4,
-    "total_chars": 1682784,
-    "total_approx_tokens": 420699,
-    "skill_count": 43
+    "total_chars": 1690237,
+    "total_approx_tokens": 422562,
+    "skill_count": 44
   },
   "skills": {
     "kernel-lpe-triage": {
@@ -2552,6 +2552,56 @@
           "approx_tokens": 194
         }
       }
+    },
+    "mail-server-hardening": {
+      "path": "skills/mail-server-hardening/skill.md",
+      "bytes": 7461,
+      "chars": 7453,
+      "lines": 85,
+      "approx_tokens": 1863,
+      "approx_chars_per_token": 4,
+      "sections": {
+        "threat-context": {
+          "bytes": 828,
+          "chars": 826,
+          "approx_tokens": 207
+        },
+        "framework-lag-declaration": {
+          "bytes": 709,
+          "chars": 707,
+          "approx_tokens": 177
+        },
+        "ttp-mapping": {
+          "bytes": 847,
+          "chars": 847,
+          "approx_tokens": 212
+        },
+        "exploit-availability-matrix": {
+          "bytes": 754,
+          "chars": 754,
+          "approx_tokens": 189
+        },
+        "analysis-procedure": {
+          "bytes": 806,
+          "chars": 806,
+          "approx_tokens": 202
+        },
+        "output-format": {
+          "bytes": 781,
+          "chars": 781,
+          "approx_tokens": 195
+        },
+        "compliance-theater-check": {
+          "bytes": 715,
+          "chars": 715,
+          "approx_tokens": 179
+        },
+        "defensive-countermeasure-mapping": {
+          "bytes": 822,
+          "chars": 820,
+          "approx_tokens": 205
+        }
+      }
     }
   }
 }

package/data/_indexes/trigger-table.json

@@ -1680,5 +1680,59 @@
   ],
   "dcql": [
     "vc-wallet-trust"
+  ],
+  "mail server hardening": [
+    "mail-server-hardening"
+  ],
+  "smtp smuggling": [
+    "mail-server-hardening"
+  ],
+  "starttls injection": [
+    "mail-server-hardening"
+  ],
+  "open relay": [
+    "mail-server-hardening"
+  ],
+  "imap command injection": [
+    "mail-server-hardening"
+  ],
+  "managesieve": [
+    "mail-server-hardening"
+  ],
+  "sieve redirect": [
+    "mail-server-hardening"
+  ],
+  "mailbox dav": [
+    "mail-server-hardening"
+  ],
+  "caldav": [
+    "mail-server-hardening"
+  ],
+  "carddav": [
+    "mail-server-hardening"
+  ],
+  "pop3": [
+    "mail-server-hardening"
+  ],
+  "mx hardening": [
+    "mail-server-hardening"
+  ],
+  "rfc 5321": [
+    "mail-server-hardening"
+  ],
+  "rfc 9051": [
+    "mail-server-hardening"
+  ],
+  "rfc 5804": [
+    "mail-server-hardening"
+  ],
+  "mail protocol": [
+    "mail-server-hardening"
+  ],
+  "inbound mail": [
+    "mail-server-hardening"
+  ],
+  "smtp listener": [
+    "mail-server-hardening"
   ]
 }