@blamejs/exceptd-skills 0.16.15 → 0.16.16

package/data/_indexes/currency.json

@@ -6,7 +6,7 @@
     "decay_formula": "100 base; -30/-20/-10/-5 at 180/90/60/30-day thresholds. forward_watch count does NOT affect the score (it's a maintenance signal, not a staleness one). Label thresholds: ≥90 current, ≥70 acceptable, ≥50 stale, <50 critical_stale."
   },
   "summary": {
-    "current": 47,
+    "current": 48,
     "acceptable": 0,
     "stale": 0,
     "critical_stale": 0,
@@ -247,6 +247,15 @@
       "forward_watch_count": 6,
       "action_required": false
     },
+    {
+      "skill": "multitenancy-isolation",
+      "last_threat_review": "2026-06-02",
+      "days_since_review": -18,
+      "currency_score": 100,
+      "currency_label": "current",
+      "forward_watch_count": 0,
+      "action_required": false
+    },
     {
       "skill": "network-trust",
       "last_threat_review": "2026-06-02",

package/data/_indexes/frequency.json

@@ -309,13 +309,14 @@
         ]
       },
       "CWE-863": {
-        "count": 8,
+        "count": 9,
         "skills": [
           "api-security",
           "cloud-iam-incident",
           "identity-assurance",
           "idp-incident-response",
           "mail-server-hardening",
+          "multitenancy-isolation",
           "sector-financial",
           "vc-wallet-trust",
           "webapp-security"
@@ -371,9 +372,10 @@
         ]
       },
       "CWE-400": {
-        "count": 1,
+        "count": 2,
         "skills": [
-          "mail-server-hardening"
+          "mail-server-hardening",
+          "multitenancy-isolation"
         ]
       },
       "CWE-778": {
@@ -387,6 +389,24 @@
         "skills": [
           "self-update-integrity"
         ]
+      },
+      "CWE-639": {
+        "count": 1,
+        "skills": [
+          "multitenancy-isolation"
+        ]
+      },
+      "CWE-770": {
+        "count": 1,
+        "skills": [
+          "multitenancy-isolation"
+        ]
+      },
+      "CWE-668": {
+        "count": 1,
+        "skills": [
+          "multitenancy-isolation"
+        ]
       }
     },
     "d3fend_refs": {
@@ -980,8 +1000,9 @@
         ]
       },
       "AU-ISM-1556": {
-        "count": 2,
+        "count": 3,
         "skills": [
+          "multitenancy-isolation",
           "sector-telecom",
           "self-update-integrity"
         ]
@@ -1146,10 +1167,11 @@
         ]
       },
       "NIS2-Art21-network-security": {
-        "count": 4,
+        "count": 5,
         "skills": [
           "audit-log-integrity",
           "mail-server-hardening",
+          "multitenancy-isolation",
           "network-trust",
           "self-update-integrity"
         ]
@@ -1161,8 +1183,9 @@
         ]
       },
       "UK-CAF-B4": {
-        "count": 2,
+        "count": 3,
         "skills": [
+          "multitenancy-isolation",
           "network-trust",
           "self-update-integrity"
         ]
@@ -1178,6 +1201,12 @@
         "skills": [
           "self-update-integrity"
         ]
+      },
+      "NIST-800-53-AC-3": {
+        "count": 1,
+        "skills": [
+          "multitenancy-isolation"
+        ]
       }
     },
     "atlas_refs": {
@@ -1376,7 +1405,7 @@
         ]
       },
       "T1078": {
-        "count": 13,
+        "count": 14,
         "skills": [
           "age-gates-child-safety",
           "api-security",
@@ -1386,6 +1415,7 @@
           "email-security-anti-phishing",
           "identity-assurance",
           "incident-response-playbook",
+          "multitenancy-isolation",
           "ransomware-response",
           "sector-energy",
           "sector-financial",
@@ -1406,10 +1436,11 @@
         ]
       },
       "T1530": {
-        "count": 3,
+        "count": 4,
         "skills": [
           "cloud-security",
           "dlp-gap-analysis",
+          "multitenancy-isolation",
           "sector-healthcare"
         ]
       },
@@ -1630,6 +1661,18 @@
         "skills": [
           "self-update-integrity"
         ]
+      },
+      "T1499": {
+        "count": 1,
+        "skills": [
+          "multitenancy-isolation"
+        ]
+      },
+      "T1499.001": {
+        "count": 1,
+        "skills": [
+          "multitenancy-isolation"
+        ]
       }
     },
     "rfc_refs": {
@@ -1841,13 +1884,14 @@
       },
       {
         "id": "CWE-863",
-        "count": 8,
+        "count": 9,
         "skills": [
           "api-security",
           "cloud-iam-incident",
           "identity-assurance",
           "idp-incident-response",
           "mail-server-hardening",
+          "multitenancy-isolation",
           "sector-financial",
           "vc-wallet-trust",
           "webapp-security"
@@ -2122,6 +2166,17 @@
           "sector-healthcare"
         ]
       },
+      {
+        "id": "NIS2-Art21-network-security",
+        "count": 5,
+        "skills": [
+          "audit-log-integrity",
+          "mail-server-hardening",
+          "multitenancy-isolation",
+          "network-trust",
+          "self-update-integrity"
+        ]
+      },
       {
         "id": "SOC2-CC7-anomaly-detection",
         "count": 5,
@@ -2163,16 +2218,6 @@
           "threat-modeling-methodology"
         ]
       },
-      {
-        "id": "NIS2-Art21-network-security",
-        "count": 4,
-        "skills": [
-          "audit-log-integrity",
-          "mail-server-hardening",
-          "network-trust",
-          "self-update-integrity"
-        ]
-      },
       {
         "id": "NIS2-Art21-patch-management",
         "count": 4,
@@ -2298,6 +2343,26 @@
       }
     ],
     "attack_refs": [
+      {
+        "id": "T1078",
+        "count": 14,
+        "skills": [
+          "age-gates-child-safety",
+          "api-security",
+          "attack-surface-pentest",
+          "cloud-iam-incident",
+          "cloud-security",
+          "email-security-anti-phishing",
+          "identity-assurance",
+          "incident-response-playbook",
+          "multitenancy-isolation",
+          "ransomware-response",
+          "sector-energy",
+          "sector-financial",
+          "sector-healthcare",
+          "sector-telecom"
+        ]
+      },
       {
         "id": "T1190",
         "count": 14,
@@ -2318,25 +2383,6 @@
           "webapp-security"
         ]
       },
-      {
-        "id": "T1078",
-        "count": 13,
-        "skills": [
-          "age-gates-child-safety",
-          "api-security",
-          "attack-surface-pentest",
-          "cloud-iam-incident",
-          "cloud-security",
-          "email-security-anti-phishing",
-          "identity-assurance",
-          "incident-response-playbook",
-          "ransomware-response",
-          "sector-energy",
-          "sector-financial",
-          "sector-healthcare",
-          "sector-telecom"
-        ]
-      },
       {
         "id": "T1567",
         "count": 7,
@@ -2371,6 +2417,16 @@
           "supply-chain-integrity"
         ]
       },
+      {
+        "id": "T1530",
+        "count": 4,
+        "skills": [
+          "cloud-security",
+          "dlp-gap-analysis",
+          "multitenancy-isolation",
+          "sector-healthcare"
+        ]
+      },
       {
         "id": "T1556",
         "count": 4,
@@ -2399,15 +2455,6 @@
           "sector-financial"
         ]
       },
-      {
-        "id": "T1530",
-        "count": 3,
-        "skills": [
-          "cloud-security",
-          "dlp-gap-analysis",
-          "sector-healthcare"
-        ]
-      },
       {
         "id": "T0855",
         "count": 2,
@@ -2540,8 +2587,10 @@
       "CWE-20",
       "CWE-327",
       "CWE-353",
-      "CWE-400",
       "CWE-611",
+      "CWE-639",
+      "CWE-668",
+      "CWE-770",
       "CWE-778",
       "CWE-93"
     ],
@@ -2576,6 +2625,7 @@
       "Insurance-Carrier-24h-Notification",
       "NIS2-Annex-I-Telecom",
       "NIST-800-53-AC-2-Cross-Account",
+      "NIST-800-53-AC-3",
       "NIST-800-53-SI-12",
       "NIST-800-53-SR-11",
       "OFAC-SDN-Payment-Block",
@@ -2606,6 +2656,8 @@
       "T1110",
       "T1133",
       "T1213",
+      "T1499",
+      "T1499.001",
       "T1505",
       "T1538",
       "T1548.001",
@@ -2734,14 +2786,12 @@
       "CWE-601",
       "CWE-613",
       "CWE-614",
-      "CWE-639",
       "CWE-640",
       "CWE-641",
       "CWE-642",
       "CWE-643",
       "CWE-648",
       "CWE-667",
-      "CWE-668",
       "CWE-669",
       "CWE-680",
       "CWE-693",
@@ -2753,7 +2803,6 @@
       "CWE-755",
       "CWE-759",
       "CWE-760",
-      "CWE-770",
       "CWE-772",
       "CWE-776",
       "CWE-779",
@@ -3451,7 +3500,6 @@
       "NIST-800-218-SSDF-PO.4.2",
       "NIST-800-218-SSDF-PW.4",
       "NIST-800-218-SSDF-PW.7.1",
-      "NIST-800-53-AC-3",
       "NIST-800-53-AC-6",
       "NIST-800-53-AU-9",
       "NIST-800-53-CM-3",

package/data/_indexes/handoff-dag.json

@@ -26,6 +26,7 @@
     "mail-server-hardening",
     "mcp-agent-trust",
     "mlops-security",
+    "multitenancy-isolation",
     "network-trust",
     "ot-ics-security",
     "policy-exception-gen",
@@ -523,7 +524,8 @@
     "mail-server-hardening": [],
     "network-trust": [],
     "audit-log-integrity": [],
-    "self-update-integrity": []
+    "self-update-integrity": [],
+    "multitenancy-isolation": []
   },
   "in_degree": {
     "age-gates-child-safety": 1,
@@ -552,6 +554,7 @@
     "mail-server-hardening": 0,
     "mcp-agent-trust": 22,
     "mlops-security": 6,
+    "multitenancy-isolation": 0,
     "network-trust": 0,
     "ot-ics-security": 4,
     "policy-exception-gen": 16,
@@ -601,6 +604,7 @@
     "mail-server-hardening": 0,
     "mcp-agent-trust": 7,
     "mlops-security": 10,
+    "multitenancy-isolation": 0,
     "network-trust": 0,
     "ot-ics-security": 14,
     "policy-exception-gen": 0,

package/data/_indexes/jurisdiction-map.json

@@ -27,6 +27,7 @@
       "mail-server-hardening",
       "mcp-agent-trust",
       "mlops-security",
+      "multitenancy-isolation",
       "network-trust",
       "ot-ics-security",
       "policy-exception-gen",
@@ -50,7 +51,7 @@
       "zeroday-gap-learn"
     ],
     "example_excerpts": {},
-    "skill_count": 47
+    "skill_count": 48
   },
   "UK": {
     "skills": [
@@ -78,6 +79,7 @@
       "kernel-lpe-triage",
       "mcp-agent-trust",
       "mlops-security",
+      "multitenancy-isolation",
       "network-trust",
       "ot-ics-security",
       "policy-exception-gen",
@@ -101,7 +103,7 @@
       "zeroday-gap-learn"
     ],
     "example_excerpts": {},
-    "skill_count": 45
+    "skill_count": 46
   },
   "AU": {
     "skills": [
@@ -129,6 +131,7 @@
       "kernel-lpe-triage",
       "mcp-agent-trust",
       "mlops-security",
+      "multitenancy-isolation",
       "ot-ics-security",
       "policy-exception-gen",
       "pqc-first",
@@ -150,7 +153,7 @@
       "zeroday-gap-learn"
     ],
     "example_excerpts": {},
-    "skill_count": 43
+    "skill_count": 44
   },
   "SG": {
     "skills": [

package/data/_indexes/section-offsets.json

@@ -4722,6 +4722,91 @@
           "h3_count": 0
         }
       ]
+    },
+    "multitenancy-isolation": {
+      "path": "skills/multitenancy-isolation/skill.md",
+      "total_bytes": 7794,
+      "total_lines": 84,
+      "frontmatter": {
+        "line_start": 1,
+        "line_end": 49,
+        "byte_start": 0,
+        "byte_end": 1201
+      },
+      "sections": [
+        {
+          "name": "Threat Context (mid-2026)",
+          "normalized_name": "threat-context",
+          "line": 53,
+          "byte_start": 1270,
+          "byte_end": 2091,
+          "bytes": 821,
+          "h3_count": 0
+        },
+        {
+          "name": "Framework Lag Declaration",
+          "normalized_name": "framework-lag-declaration",
+          "line": 57,
+          "byte_start": 2091,
+          "byte_end": 2910,
+          "bytes": 819,
+          "h3_count": 0
+        },
+        {
+          "name": "TTP Mapping",
+          "normalized_name": "ttp-mapping",
+          "line": 61,
+          "byte_start": 2910,
+          "byte_end": 3713,
+          "bytes": 803,
+          "h3_count": 0
+        },
+        {
+          "name": "Exploit Availability Matrix",
+          "normalized_name": "exploit-availability-matrix",
+          "line": 65,
+          "byte_start": 3713,
+          "byte_end": 4438,
+          "bytes": 725,
+          "h3_count": 0
+        },
+        {
+          "name": "Analysis Procedure",
+          "normalized_name": "analysis-procedure",
+          "line": 69,
+          "byte_start": 4438,
+          "byte_end": 5337,
+          "bytes": 899,
+          "h3_count": 0
+        },
+        {
+          "name": "Output Format",
+          "normalized_name": "output-format",
+          "line": 73,
+          "byte_start": 5337,
+          "byte_end": 6219,
+          "bytes": 882,
+          "h3_count": 0
+        },
+        {
+          "name": "Compliance Theater Check",
+          "normalized_name": "compliance-theater-check",
+          "line": 77,
+          "byte_start": 6219,
+          "byte_end": 6970,
+          "bytes": 751,
+          "h3_count": 0
+        },
+        {
+          "name": "Defensive Countermeasure Mapping",
+          "normalized_name": "defensive-countermeasure-mapping",
+          "line": 81,
+          "byte_start": 6970,
+          "byte_end": 7794,
+          "bytes": 824,
+          "h3_count": 0
+        }
+      ]
     }
   }
 }

package/data/_indexes/stale-content.json

@@ -15,7 +15,7 @@
       "severity": "medium",
       "category": "researcher_claim_drift",
       "artifact": "skills/researcher/skill.md",
-      "detail": "claims 41 specialized skills downstream; live count is 46"
+      "detail": "claims 41 specialized skills downstream; live count is 47"
     }
   ]
 }

package/data/_indexes/summary-cards.json

@@ -2176,6 +2176,46 @@
       "last_threat_review": "2026-06-02",
       "path": "skills/self-update-integrity/skill.md",
       "handoff_targets": []
+    },
+    "multitenancy-isolation": {
+      "description": "Application multitenancy isolation and availability/DoS resilience for mid-2026 — principal-bound tenant identity, data-layer row-level-security under a non-bypass role, cross-tenant cache/queue namespacing, per-tenant rate/byte quotas, HTTP/2 Rapid Reset caps, bounded allocation, distributed-lock fencing, and circuit breakers",
+      "threat_context_excerpt": "Shared multitenant infrastructure has two linked failure classes. Isolation: if the tenant identifier is trusted from a client-controlled header/parameter/claim, or the tenant filter lives in per-query application discipline rather than the data layer, a single authenticated user of one tenant reads or writes another tenant's data — broken object-level authorization (CWE-639), the most common and highest-impact SaaS vulnerability class. Cache, pub/sub, and queue keys leak the same way when not tenant-namespaced. Availability: asymmetric denial of service — HTTP/2 Rapid Reset (CVE-2023-44487), ...",
+      "produces": "Report per surface, marking each isolation and availability control enforced / missing / inconclusive (visibility gap). For every missing control, state whether a single authenticated user could read another tenant's data or a single client could deny service to all tenants. Distinguish a control enforced at a lower layer (data-layer RLS, CDN/WAF quotas) from an absent one, and a dedicated single-tenant deployment (cross-tenant indicators not applicable) from a shared one. Provide the prioritised remediation (bind tenant to principal + data-layer RLS under a non-bypass role, namespace shared k ...",
+      "key_xrefs": {
+        "cwe_refs": [
+          "CWE-639",
+          "CWE-770",
+          "CWE-863",
+          "CWE-668",
+          "CWE-400"
+        ],
+        "d3fend_refs": [],
+        "framework_gaps": [
+          "NIST-800-53-AC-3",
+          "NIS2-Art21-network-security",
+          "UK-CAF-B4",
+          "AU-ISM-1556"
+        ],
+        "atlas_refs": [],
+        "attack_refs": [
+          "T1078",
+          "T1499",
+          "T1499.001",
+          "T1530"
+        ],
+        "rfc_refs": [],
+        "dlp_refs": []
+      },
+      "trigger_count": 17,
+      "atlas_count": 0,
+      "attack_count": 4,
+      "framework_gap_count": 4,
+      "cwe_count": 5,
+      "d3fend_count": 0,
+      "rfc_count": 0,
+      "last_threat_review": "2026-06-02",
+      "path": "skills/multitenancy-isolation/skill.md",
+      "handoff_targets": []
     }
   }
 }

package/data/_indexes/token-budget.json

@@ -3,9 +3,9 @@
     "schema_version": "1.0.0",
     "tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
     "approx_chars_per_token": 4,
-    "total_chars": 1712869,
-    "total_approx_tokens": 428220,
-    "skill_count": 47
+    "total_chars": 1720649,
+    "total_approx_tokens": 430165,
+    "skill_count": 48
   },
   "skills": {
     "kernel-lpe-triage": {
@@ -2752,6 +2752,56 @@
           "approx_tokens": 221
         }
       }
+    },
+    "multitenancy-isolation": {
+      "path": "skills/multitenancy-isolation/skill.md",
+      "bytes": 7794,
+      "chars": 7780,
+      "lines": 84,
+      "approx_tokens": 1945,
+      "approx_chars_per_token": 4,
+      "sections": {
+        "threat-context": {
+          "bytes": 821,
+          "chars": 815,
+          "approx_tokens": 204
+        },
+        "framework-lag-declaration": {
+          "bytes": 819,
+          "chars": 819,
+          "approx_tokens": 205
+        },
+        "ttp-mapping": {
+          "bytes": 803,
+          "chars": 801,
+          "approx_tokens": 200
+        },
+        "exploit-availability-matrix": {
+          "bytes": 725,
+          "chars": 721,
+          "approx_tokens": 180
+        },
+        "analysis-procedure": {
+          "bytes": 899,
+          "chars": 899,
+          "approx_tokens": 225
+        },
+        "output-format": {
+          "bytes": 882,
+          "chars": 882,
+          "approx_tokens": 221
+        },
+        "compliance-theater-check": {
+          "bytes": 751,
+          "chars": 751,
+          "approx_tokens": 188
+        },
+        "defensive-countermeasure-mapping": {
+          "bytes": 824,
+          "chars": 824,
+          "approx_tokens": 206
+        }
+      }
     }
   }
 }