@blamejs/exceptd-skills 0.16.17 → 0.16.18

package/data/_indexes/token-budget.json

@@ -3,9 +3,9 @@
     "schema_version": "1.0.0",
     "tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
     "approx_chars_per_token": 4,
-    "total_chars": 1728352,
-    "total_approx_tokens": 432091,
-    "skill_count": 49
+    "total_chars": 1736061,
+    "total_approx_tokens": 434018,
+    "skill_count": 50
   },
   "skills": {
     "kernel-lpe-triage": {
@@ -2852,6 +2852,56 @@
           "approx_tokens": 211
         }
       }
+    },
+    "log-injection-telemetry": {
+      "path": "skills/log-injection-telemetry/skill.md",
+      "bytes": 7725,
+      "chars": 7709,
+      "lines": 81,
+      "approx_tokens": 1927,
+      "approx_chars_per_token": 4,
+      "sections": {
+        "threat-context": {
+          "bytes": 881,
+          "chars": 877,
+          "approx_tokens": 219
+        },
+        "framework-lag-declaration": {
+          "bytes": 823,
+          "chars": 823,
+          "approx_tokens": 206
+        },
+        "ttp-mapping": {
+          "bytes": 765,
+          "chars": 759,
+          "approx_tokens": 190
+        },
+        "exploit-availability-matrix": {
+          "bytes": 730,
+          "chars": 728,
+          "approx_tokens": 182
+        },
+        "analysis-procedure": {
+          "bytes": 911,
+          "chars": 909,
+          "approx_tokens": 227
+        },
+        "output-format": {
+          "bytes": 836,
+          "chars": 836,
+          "approx_tokens": 209
+        },
+        "compliance-theater-check": {
+          "bytes": 740,
+          "chars": 740,
+          "approx_tokens": 185
+        },
+        "defensive-countermeasure-mapping": {
+          "bytes": 848,
+          "chars": 848,
+          "approx_tokens": 212
+        }
+      }
     }
   }
 }

package/data/_indexes/trigger-table.json

@@ -1976,5 +1976,50 @@
   ],
   "input amplification": [
     "decompression-dos"
+  ],
+  "log injection": [
+    "log-injection-telemetry"
+  ],
+  "crlf injection": [
+    "log-injection-telemetry"
+  ],
+  "log forging": [
+    "log-injection-telemetry"
+  ],
+  "telemetry integrity": [
+    "log-injection-telemetry"
+  ],
+  "secrets in logs": [
+    "log-injection-telemetry"
+  ],
+  "log redaction": [
+    "log-injection-telemetry"
+  ],
+  "metrics endpoint exposure": [
+    "log-injection-telemetry"
+  ],
+  "prometheus exposure": [
+    "log-injection-telemetry"
+  ],
+  "otlp exporter": [
+    "log-injection-telemetry"
+  ],
+  "cloudwatch": [
+    "log-injection-telemetry"
+  ],
+  "webhook sink": [
+    "log-injection-telemetry"
+  ],
+  "exporter ssrf": [
+    "log-injection-telemetry"
+  ],
+  "observability security": [
+    "log-injection-telemetry"
+  ],
+  "log sink": [
+    "log-injection-telemetry"
+  ],
+  "telemetry exfiltration": [
+    "log-injection-telemetry"
   ]
 }

package/data/_indexes/xref.json

@@ -79,6 +79,7 @@
     "CWE-918": [
       "api-security",
       "attack-surface-pentest",
+      "log-injection-telemetry",
       "mcp-agent-trust",
       "network-trust",
       "sector-telecom",
@@ -140,6 +141,7 @@
       "api-security",
       "cloud-security",
       "dlp-gap-analysis",
+      "log-injection-telemetry",
       "sector-healthcare",
       "vc-wallet-trust",
       "webapp-security"
@@ -270,6 +272,12 @@
     ],
     "CWE-834": [
       "decompression-dos"
+    ],
+    "CWE-117": [
+      "log-injection-telemetry"
+    ],
+    "CWE-532": [
+      "log-injection-telemetry"
     ]
   },
   "d3fend_refs": {
@@ -395,6 +403,7 @@
       "audit-log-integrity",
       "decompression-dos",
       "kernel-lpe-triage",
+      "log-injection-telemetry",
       "mail-server-hardening"
     ],
     "ISO-27001-2022-A.8.8": [
@@ -640,6 +649,7 @@
     ],
     "AU-ISM-1556": [
       "decompression-dos",
+      "log-injection-telemetry",
       "multitenancy-isolation",
       "sector-telecom",
       "self-update-integrity"
@@ -728,6 +738,7 @@
     "NIS2-Art21-network-security": [
       "audit-log-integrity",
       "decompression-dos",
+      "log-injection-telemetry",
       "mail-server-hardening",
       "multitenancy-isolation",
       "network-trust",
@@ -738,12 +749,14 @@
     ],
     "UK-CAF-B4": [
       "decompression-dos",
+      "log-injection-telemetry",
       "multitenancy-isolation",
       "network-trust",
       "self-update-integrity"
     ],
     "ISO-27001-2022-A.8.15": [
-      "audit-log-integrity"
+      "audit-log-integrity",
+      "log-injection-telemetry"
     ],
     "NIST-800-53-SR-11": [
       "self-update-integrity"
@@ -913,11 +926,13 @@
     "T1530": [
       "cloud-security",
       "dlp-gap-analysis",
+      "log-injection-telemetry",
       "multitenancy-isolation",
       "sector-healthcare"
     ],
     "T1213": [
-      "dlp-gap-analysis"
+      "dlp-gap-analysis",
+      "log-injection-telemetry"
     ],
     "T1041": [
       "dlp-gap-analysis",
@@ -1024,7 +1039,8 @@
       "audit-log-integrity"
     ],
     "T1565.001": [
-      "audit-log-integrity"
+      "audit-log-integrity",
+      "log-injection-telemetry"
     ],
     "T1562.008": [
       "audit-log-integrity"

package/data/cwe-catalog.json

@@ -535,6 +535,7 @@
       "api-security",
       "cloud-security",
       "dlp-gap-analysis",
+      "log-injection-telemetry",
       "sector-healthcare",
       "vc-wallet-trust",
       "webapp-security"
@@ -1912,6 +1913,7 @@
     "skills_referencing": [
       "api-security",
       "attack-surface-pentest",
+      "log-injection-telemetry",
       "mcp-agent-trust",
       "network-trust",
       "sector-telecom",
@@ -3388,7 +3390,10 @@
     "last_verified": "2026-05-19",
     "notes": "Bulk-imported v0.13.18 from the canonical MITRE Top 25 + commonly-referenced-class expansion.",
     "_auto_imported": true,
-    "_intake_method": "v0.13.18-bulk-mitre-cwe-curated"
+    "_intake_method": "v0.13.18-bulk-mitre-cwe-curated",
+    "skills_referencing": [
+      "log-injection-telemetry"
+    ]
   },
   "CWE-539": {
     "id": "CWE-539",
@@ -4601,5 +4606,25 @@
       "decompression-dos"
     ],
     "evidence_cves": []
+  },
+  "CWE-117": {
+    "id": "CWE-117",
+    "name": "Improper Output Neutralization for Logs",
+    "abstraction": "Base",
+    "category": "Injection",
+    "description": "The product does not neutralize or incorrectly neutralizes output that is written to logs. MITRE-canonical; full text at https://cwe.mitre.org/data/definitions/117.html. Backs the CRLF log-injection / log-forging class on telemetry sinks (forged or split log entries via un-sanitized control characters).",
+    "top_25_rank_2024": null,
+    "top_25_rank_2025": null,
+    "view_memberships": [
+      "CWE-1000"
+    ],
+    "related_attack_patterns_capec": [
+      "CAPEC-93",
+      "CAPEC-268"
+    ],
+    "skills_referencing": [
+      "log-injection-telemetry"
+    ],
+    "evidence_cves": []
   }
 }

package/data/playbooks/audit-log-integrity.json

@@ -32,6 +32,9 @@
         "playbook_id": "framework",
         "condition": "analyze.compliance_theater_check.verdict == 'theater'"
       }
+    ],
+    "fed_by": [
+      "log-injection-telemetry"
     ]
   },
   "domain": {

package/data/playbooks/framework.json

@@ -60,6 +60,7 @@
       "kernel",
       "library-author",
       "llm-tool-use-exfil",
+      "log-injection-telemetry",
       "mail-server-hardening",
       "mcp",
       "multitenancy-isolation",