@blamejs/exceptd-skills 0.16.16 → 0.16.17

package/data/_indexes/currency.json

@@ -6,7 +6,7 @@
     "decay_formula": "100 base; -30/-20/-10/-5 at 180/90/60/30-day thresholds. forward_watch count does NOT affect the score (it's a maintenance signal, not a staleness one). Label thresholds: ≥90 current, ≥70 acceptable, ≥50 stale, <50 critical_stale."
   },
   "summary": {
-    "current": 48,
+    "current": 49,
     "acceptable": 0,
     "stale": 0,
     "critical_stale": 0,
@@ -121,6 +121,15 @@
       "forward_watch_count": 6,
       "action_required": false
     },
+    {
+      "skill": "decompression-dos",
+      "last_threat_review": "2026-06-02",
+      "days_since_review": -18,
+      "currency_score": 100,
+      "currency_label": "current",
+      "forward_watch_count": 0,
+      "action_required": false
+    },
     {
       "skill": "defensive-countermeasure-mapping",
       "last_threat_review": "2026-05-11",

package/data/_indexes/frequency.json

@@ -78,10 +78,11 @@
         ]
       },
       "CWE-22": {
-        "count": 5,
+        "count": 6,
         "skills": [
           "api-security",
           "attack-surface-pentest",
+          "decompression-dos",
           "mail-server-hardening",
           "mcp-agent-trust",
           "webapp-security"
@@ -372,8 +373,9 @@
         ]
       },
       "CWE-400": {
-        "count": 2,
+        "count": 3,
         "skills": [
+          "decompression-dos",
           "mail-server-hardening",
           "multitenancy-isolation"
         ]
@@ -397,8 +399,9 @@
         ]
       },
       "CWE-770": {
-        "count": 1,
+        "count": 2,
         "skills": [
+          "decompression-dos",
           "multitenancy-isolation"
         ]
       },
@@ -407,6 +410,30 @@
         "skills": [
           "multitenancy-isolation"
         ]
+      },
+      "CWE-409": {
+        "count": 1,
+        "skills": [
+          "decompression-dos"
+        ]
+      },
+      "CWE-1333": {
+        "count": 1,
+        "skills": [
+          "decompression-dos"
+        ]
+      },
+      "CWE-776": {
+        "count": 1,
+        "skills": [
+          "decompression-dos"
+        ]
+      },
+      "CWE-834": {
+        "count": 1,
+        "skills": [
+          "decompression-dos"
+        ]
       }
     },
     "d3fend_refs": {
@@ -592,9 +619,10 @@
     },
     "framework_gaps": {
       "NIST-800-53-SI-2": {
-        "count": 3,
+        "count": 4,
         "skills": [
           "audit-log-integrity",
+          "decompression-dos",
           "kernel-lpe-triage",
           "mail-server-hardening"
         ]
@@ -1000,8 +1028,9 @@
         ]
       },
       "AU-ISM-1556": {
-        "count": 3,
+        "count": 4,
         "skills": [
+          "decompression-dos",
           "multitenancy-isolation",
           "sector-telecom",
           "self-update-integrity"
@@ -1167,9 +1196,10 @@
         ]
       },
       "NIS2-Art21-network-security": {
-        "count": 5,
+        "count": 6,
         "skills": [
           "audit-log-integrity",
+          "decompression-dos",
           "mail-server-hardening",
           "multitenancy-isolation",
           "network-trust",
@@ -1183,8 +1213,9 @@
         ]
       },
       "UK-CAF-B4": {
-        "count": 3,
+        "count": 4,
         "skills": [
+          "decompression-dos",
           "multitenancy-isolation",
           "network-trust",
           "self-update-integrity"
@@ -1335,10 +1366,11 @@
         ]
       },
       "T1059": {
-        "count": 5,
+        "count": 6,
         "skills": [
           "ai-attack-surface",
           "attack-surface-pentest",
+          "decompression-dos",
           "mcp-agent-trust",
           "ransomware-response",
           "webapp-security"
@@ -1663,14 +1695,16 @@
         ]
       },
       "T1499": {
-        "count": 1,
+        "count": 2,
         "skills": [
+          "decompression-dos",
           "multitenancy-isolation"
         ]
       },
       "T1499.001": {
-        "count": 1,
+        "count": 2,
         "skills": [
+          "decompression-dos",
           "multitenancy-isolation"
         ]
       }
@@ -1973,26 +2007,26 @@
         ]
       },
       {
-        "id": "CWE-269",
+        "id": "CWE-22",
         "count": 6,
         "skills": [
+          "api-security",
           "attack-surface-pentest",
-          "cloud-iam-incident",
-          "container-runtime-security",
-          "identity-assurance",
-          "idp-incident-response",
+          "decompression-dos",
+          "mail-server-hardening",
+          "mcp-agent-trust",
           "webapp-security"
         ]
       },
       {
-        "id": "CWE-732",
+        "id": "CWE-269",
         "count": 6,
         "skills": [
           "attack-surface-pentest",
           "cloud-iam-incident",
-          "cloud-security",
           "container-runtime-security",
           "identity-assurance",
+          "idp-incident-response",
           "webapp-security"
         ]
       }
@@ -2155,6 +2189,18 @@
           "webapp-security"
         ]
       },
+      {
+        "id": "NIS2-Art21-network-security",
+        "count": 6,
+        "skills": [
+          "audit-log-integrity",
+          "decompression-dos",
+          "mail-server-hardening",
+          "multitenancy-isolation",
+          "network-trust",
+          "self-update-integrity"
+        ]
+      },
       {
         "id": "ISO-27001-2022-A.8.30",
         "count": 5,
@@ -2166,17 +2212,6 @@
           "sector-healthcare"
         ]
       },
-      {
-        "id": "NIS2-Art21-network-security",
-        "count": 5,
-        "skills": [
-          "audit-log-integrity",
-          "mail-server-hardening",
-          "multitenancy-isolation",
-          "network-trust",
-          "self-update-integrity"
-        ]
-      },
       {
         "id": "SOC2-CC7-anomaly-detection",
         "count": 5,
@@ -2188,6 +2223,16 @@
           "incident-response-playbook"
         ]
       },
+      {
+        "id": "AU-ISM-1556",
+        "count": 4,
+        "skills": [
+          "decompression-dos",
+          "multitenancy-isolation",
+          "sector-telecom",
+          "self-update-integrity"
+        ]
+      },
       {
         "id": "FedRAMP-Rev5-Moderate",
         "count": 4,
@@ -2217,16 +2262,6 @@
           "mlops-security",
           "threat-modeling-methodology"
         ]
-      },
-      {
-        "id": "NIS2-Art21-patch-management",
-        "count": 4,
-        "skills": [
-          "attack-surface-pentest",
-          "kernel-lpe-triage",
-          "ot-ics-security",
-          "sector-energy"
-        ]
       }
     ],
     "atlas_refs": [
@@ -2398,10 +2433,11 @@
       },
       {
         "id": "T1059",
-        "count": 5,
+        "count": 6,
         "skills": [
           "ai-attack-surface",
           "attack-surface-pentest",
+          "decompression-dos",
           "mcp-agent-trust",
           "ransomware-response",
           "webapp-security"
@@ -2584,14 +2620,17 @@
   },
   "orphan_adjacent": {
     "cwe_refs": [
+      "CWE-1333",
       "CWE-20",
       "CWE-327",
       "CWE-353",
+      "CWE-409",
       "CWE-611",
       "CWE-639",
       "CWE-668",
-      "CWE-770",
+      "CWE-776",
       "CWE-778",
+      "CWE-834",
       "CWE-93"
     ],
     "d3fend_refs": [
@@ -2656,8 +2695,6 @@
       "T1110",
       "T1133",
       "T1213",
-      "T1499",
-      "T1499.001",
       "T1505",
       "T1538",
       "T1548.001",
@@ -2804,11 +2841,9 @@
       "CWE-759",
       "CWE-760",
       "CWE-772",
-      "CWE-776",
       "CWE-779",
       "CWE-807",
       "CWE-822",
-      "CWE-834",
       "CWE-835",
       "CWE-843",
       "CWE-88",

package/data/_indexes/handoff-dag.json

@@ -12,6 +12,7 @@
     "compliance-theater",
     "container-runtime-security",
     "coordinated-vuln-disclosure",
+    "decompression-dos",
     "defensive-countermeasure-mapping",
     "dlp-gap-analysis",
     "email-security-anti-phishing",
@@ -525,7 +526,8 @@
     "network-trust": [],
     "audit-log-integrity": [],
     "self-update-integrity": [],
-    "multitenancy-isolation": []
+    "multitenancy-isolation": [],
+    "decompression-dos": []
   },
   "in_degree": {
     "age-gates-child-safety": 1,
@@ -540,6 +542,7 @@
     "compliance-theater": 30,
     "container-runtime-security": 4,
     "coordinated-vuln-disclosure": 12,
+    "decompression-dos": 0,
     "defensive-countermeasure-mapping": 18,
     "dlp-gap-analysis": 15,
     "email-security-anti-phishing": 6,
@@ -590,6 +593,7 @@
     "compliance-theater": 12,
     "container-runtime-security": 18,
     "coordinated-vuln-disclosure": 12,
+    "decompression-dos": 0,
     "defensive-countermeasure-mapping": 6,
     "dlp-gap-analysis": 4,
     "email-security-anti-phishing": 6,

package/data/_indexes/jurisdiction-map.json

@@ -13,6 +13,7 @@
       "compliance-theater",
       "container-runtime-security",
       "coordinated-vuln-disclosure",
+      "decompression-dos",
       "defensive-countermeasure-mapping",
       "dlp-gap-analysis",
       "email-security-anti-phishing",
@@ -51,7 +52,7 @@
       "zeroday-gap-learn"
     ],
     "example_excerpts": {},
-    "skill_count": 48
+    "skill_count": 49
   },
   "UK": {
     "skills": [
@@ -66,6 +67,7 @@
       "compliance-theater",
       "container-runtime-security",
       "coordinated-vuln-disclosure",
+      "decompression-dos",
       "defensive-countermeasure-mapping",
       "dlp-gap-analysis",
       "email-security-anti-phishing",
@@ -103,7 +105,7 @@
       "zeroday-gap-learn"
     ],
     "example_excerpts": {},
-    "skill_count": 46
+    "skill_count": 47
   },
   "AU": {
     "skills": [
@@ -118,6 +120,7 @@
       "compliance-theater",
       "container-runtime-security",
       "coordinated-vuln-disclosure",
+      "decompression-dos",
       "defensive-countermeasure-mapping",
       "dlp-gap-analysis",
       "email-security-anti-phishing",
@@ -153,7 +156,7 @@
       "zeroday-gap-learn"
     ],
     "example_excerpts": {},
-    "skill_count": 44
+    "skill_count": 45
   },
   "SG": {
     "skills": [

package/data/_indexes/section-offsets.json

@@ -4807,6 +4807,91 @@
           "h3_count": 0
         }
       ]
+    },
+    "decompression-dos": {
+      "path": "skills/decompression-dos/skill.md",
+      "total_bytes": 7711,
+      "total_lines": 84,
+      "frontmatter": {
+        "line_start": 1,
+        "line_end": 49,
+        "byte_start": 0,
+        "byte_end": 1186
+      },
+      "sections": [
+        {
+          "name": "Threat Context (mid-2026)",
+          "normalized_name": "threat-context",
+          "line": 53,
+          "byte_start": 1241,
+          "byte_end": 2037,
+          "bytes": 796,
+          "h3_count": 0
+        },
+        {
+          "name": "Framework Lag Declaration",
+          "normalized_name": "framework-lag-declaration",
+          "line": 57,
+          "byte_start": 2037,
+          "byte_end": 2868,
+          "bytes": 831,
+          "h3_count": 0
+        },
+        {
+          "name": "TTP Mapping",
+          "normalized_name": "ttp-mapping",
+          "line": 61,
+          "byte_start": 2868,
+          "byte_end": 3698,
+          "bytes": 830,
+          "h3_count": 0
+        },
+        {
+          "name": "Exploit Availability Matrix",
+          "normalized_name": "exploit-availability-matrix",
+          "line": 65,
+          "byte_start": 3698,
+          "byte_end": 4388,
+          "bytes": 690,
+          "h3_count": 0
+        },
+        {
+          "name": "Analysis Procedure",
+          "normalized_name": "analysis-procedure",
+          "line": 69,
+          "byte_start": 4388,
+          "byte_end": 5310,
+          "bytes": 922,
+          "h3_count": 0
+        },
+        {
+          "name": "Output Format",
+          "normalized_name": "output-format",
+          "line": 73,
+          "byte_start": 5310,
+          "byte_end": 6198,
+          "bytes": 888,
+          "h3_count": 0
+        },
+        {
+          "name": "Compliance Theater Check",
+          "normalized_name": "compliance-theater-check",
+          "line": 77,
+          "byte_start": 6198,
+          "byte_end": 6868,
+          "bytes": 670,
+          "h3_count": 0
+        },
+        {
+          "name": "Defensive Countermeasure Mapping",
+          "normalized_name": "defensive-countermeasure-mapping",
+          "line": 81,
+          "byte_start": 6868,
+          "byte_end": 7711,
+          "bytes": 843,
+          "h3_count": 0
+        }
+      ]
     }
   }
 }

package/data/_indexes/stale-content.json

@@ -15,7 +15,7 @@
       "severity": "medium",
       "category": "researcher_claim_drift",
       "artifact": "skills/researcher/skill.md",
-      "detail": "claims 41 specialized skills downstream; live count is 47"
+      "detail": "claims 41 specialized skills downstream; live count is 48"
     }
   ]
 }

package/data/_indexes/summary-cards.json

@@ -2216,6 +2216,47 @@
       "last_threat_review": "2026-06-02",
       "path": "skills/multitenancy-isolation/skill.md",
       "handoff_targets": []
+    },
+    "decompression-dos": {
+      "description": "Decompression-bomb, parser-DoS, and ReDoS resistance for mid-2026 — decompression size/ratio caps, Zip Slip path confinement, XML entity-expansion disabling, linear-time regex on untrusted input, parse-depth limits, and length-field allocation bounds against single-input amplification denial of service",
+      "threat_context_excerpt": "Amplification denial of service turns a tiny, structurally-valid input into ruinous server work. A 42 KB zip bomb expands to petabytes; a few lines of nested XML entities expand to gigabytes (the billion-laughs attack); a crafted string pins a CPU core for seconds-to-minutes on a backtracking regular expression (ReDoS); a binary parser that reads a declared 2 GB length field allocates a 2 GB buffer from a 10-byte message. A Zip Slip archive entry named `../../x` escapes the extraction directory to overwrite a binary on the execution path. Input-format validation passes all of these because ...",
+      "produces": "Report per parser/decompression path, marking each resource bound enforced / missing / inconclusive (visibility gap). For every missing bound, state whether the ingest is internet-facing and whether a single crafted input could exhaust the instance (or, for Zip Slip, write outside the target). Distinguish a bound enforced at a lower layer (streaming runtime, RE2 engine, size-limited proxy) from an absent one, and a path that ingests only trusted fixed-size input from one that ingests attacker input. Provide the prioritised remediation (cap decompression size/ratio/nesting, confine extraction p ...",
+      "key_xrefs": {
+        "cwe_refs": [
+          "CWE-409",
+          "CWE-1333",
+          "CWE-400",
+          "CWE-776",
+          "CWE-22",
+          "CWE-834",
+          "CWE-770"
+        ],
+        "d3fend_refs": [],
+        "framework_gaps": [
+          "NIST-800-53-SI-2",
+          "NIS2-Art21-network-security",
+          "UK-CAF-B4",
+          "AU-ISM-1556"
+        ],
+        "atlas_refs": [],
+        "attack_refs": [
+          "T1499",
+          "T1499.001",
+          "T1059"
+        ],
+        "rfc_refs": [],
+        "dlp_refs": []
+      },
+      "trigger_count": 16,
+      "atlas_count": 0,
+      "attack_count": 3,
+      "framework_gap_count": 4,
+      "cwe_count": 7,
+      "d3fend_count": 0,
+      "rfc_count": 0,
+      "last_threat_review": "2026-06-02",
+      "path": "skills/decompression-dos/skill.md",
+      "handoff_targets": []
     }
   }
 }

package/data/_indexes/token-budget.json

@@ -3,9 +3,9 @@
     "schema_version": "1.0.0",
     "tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
     "approx_chars_per_token": 4,
-    "total_chars": 1720649,
-    "total_approx_tokens": 430165,
-    "skill_count": 48
+    "total_chars": 1728352,
+    "total_approx_tokens": 432091,
+    "skill_count": 49
   },
   "skills": {
     "kernel-lpe-triage": {
@@ -2802,6 +2802,56 @@
           "approx_tokens": 206
         }
       }
+    },
+    "decompression-dos": {
+      "path": "skills/decompression-dos/skill.md",
+      "bytes": 7711,
+      "chars": 7703,
+      "lines": 84,
+      "approx_tokens": 1926,
+      "approx_chars_per_token": 4,
+      "sections": {
+        "threat-context": {
+          "bytes": 796,
+          "chars": 794,
+          "approx_tokens": 199
+        },
+        "framework-lag-declaration": {
+          "bytes": 831,
+          "chars": 831,
+          "approx_tokens": 208
+        },
+        "ttp-mapping": {
+          "bytes": 830,
+          "chars": 828,
+          "approx_tokens": 207
+        },
+        "exploit-availability-matrix": {
+          "bytes": 690,
+          "chars": 688,
+          "approx_tokens": 172
+        },
+        "analysis-procedure": {
+          "bytes": 922,
+          "chars": 922,
+          "approx_tokens": 231
+        },
+        "output-format": {
+          "bytes": 888,
+          "chars": 888,
+          "approx_tokens": 222
+        },
+        "compliance-theater-check": {
+          "bytes": 670,
+          "chars": 670,
+          "approx_tokens": 168
+        },
+        "defensive-countermeasure-mapping": {
+          "bytes": 843,
+          "chars": 843,
+          "approx_tokens": 211
+        }
+      }
     }
   }
 }

package/data/_indexes/trigger-table.json

@@ -1926,9 +1926,55 @@
     "multitenancy-isolation"
   ],
   "resource exhaustion": [
+    "decompression-dos",
     "multitenancy-isolation"
   ],
   "denial of service": [
     "multitenancy-isolation"
+  ],
+  "decompression bomb": [
+    "decompression-dos"
+  ],
+  "zip bomb": [
+    "decompression-dos"
+  ],
+  "zip slip": [
+    "decompression-dos"
+  ],
+  "redos": [
+    "decompression-dos"
+  ],
+  "regular expression denial of service": [
+    "decompression-dos"
+  ],
+  "catastrophic backtracking": [
+    "decompression-dos"
+  ],
+  "billion laughs": [
+    "decompression-dos"
+  ],
+  "xml entity expansion": [
+    "decompression-dos"
+  ],
+  "xxe": [
+    "decompression-dos"
+  ],
+  "parser dos": [
+    "decompression-dos"
+  ],
+  "amplification attack": [
+    "decompression-dos"
+  ],
+  "nested archive": [
+    "decompression-dos"
+  ],
+  "recursion depth": [
+    "decompression-dos"
+  ],
+  "length field allocation": [
+    "decompression-dos"
+  ],
+  "input amplification": [
+    "decompression-dos"
   ]
 }