@blamejs/exceptd-skills 0.16.17 → 0.16.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (31) hide show
  1. package/AGENTS.md +3 -1
  2. package/CHANGELOG.md +8 -0
  3. package/README.md +5 -5
  4. package/bin/exceptd.js +3 -1
  5. package/data/_indexes/_meta.json +17 -15
  6. package/data/_indexes/activity-feed.json +17 -3
  7. package/data/_indexes/catalog-summaries.json +1 -1
  8. package/data/_indexes/chains.json +14784 -1833
  9. package/data/_indexes/currency.json +19 -1
  10. package/data/_indexes/frequency.json +138 -86
  11. package/data/_indexes/handoff-dag.json +9 -1
  12. package/data/_indexes/jurisdiction-map.json +9 -3
  13. package/data/_indexes/section-offsets.json +170 -0
  14. package/data/_indexes/stale-content.json +1 -1
  15. package/data/_indexes/summary-cards.json +77 -0
  16. package/data/_indexes/token-budget.json +103 -3
  17. package/data/_indexes/trigger-table.json +93 -0
  18. package/data/_indexes/xref.json +38 -7
  19. package/data/cwe-catalog.json +35 -4
  20. package/data/playbooks/audit-log-integrity.json +3 -0
  21. package/data/playbooks/framework.json +2 -0
  22. package/data/playbooks/log-injection-telemetry.json +619 -0
  23. package/data/playbooks/privacy-consent-ops.json +605 -0
  24. package/data/playbooks/secrets.json +1 -0
  25. package/manifest-snapshot.json +104 -2
  26. package/manifest-snapshot.sha256 +1 -1
  27. package/manifest.json +161 -51
  28. package/package.json +2 -2
  29. package/sbom.cdx.json +92 -32
  30. package/skills/log-injection-telemetry/skill.md +80 -0
  31. package/skills/privacy-consent-ops/skill.md +80 -0
package/data/cwe-catalog.json CHANGED
@@ -535,6 +535,7 @@
535
535
  "api-security",
536
536
  "cloud-security",
537
537
  "dlp-gap-analysis",
538
+ "log-injection-telemetry",
538
539
  "sector-healthcare",
539
540
  "vc-wallet-trust",
540
541
  "webapp-security"
@@ -1074,7 +1075,8 @@
1074
1075
  "audit-log-integrity",
1075
1076
  "idp-incident-response",
1076
1077
  "mcp-agent-trust",
1077
- "network-trust"
1078
+ "network-trust",
1079
+ "privacy-consent-ops"
1078
1080
  ],
1079
1081
  "evidence_cves": [
1080
1082
  "CVE-2023-51764",
@@ -1538,6 +1540,7 @@
1538
1540
  "related_attack_patterns_capec": [],
1539
1541
  "skills_referencing": [
1540
1542
  "kernel-lpe-triage",
1543
+ "privacy-consent-ops",
1541
1544
  "vc-wallet-trust"
1542
1545
  ],
1543
1546
  "evidence_cves": [
@@ -1912,6 +1915,7 @@
1912
1915
  "skills_referencing": [
1913
1916
  "api-security",
1914
1917
  "attack-surface-pentest",
1918
+ "log-injection-telemetry",
1915
1919
  "mcp-agent-trust",
1916
1920
  "network-trust",
1917
1921
  "sector-telecom",
@@ -2708,7 +2712,10 @@
2708
2712
  "CVE-2026-21514"
2709
2713
  ],
2710
2714
  "last_verified": "2026-05-18",
2711
- "notes": "Added v0.13.17 KEV bulk-import."
2715
+ "notes": "Added v0.13.17 KEV bulk-import.",
2716
+ "skills_referencing": [
2717
+ "privacy-consent-ops"
2718
+ ]
2712
2719
  },
2713
2720
  "CWE-822": {
2714
2721
  "id": "CWE-822",
@@ -3388,7 +3395,10 @@
3388
3395
  "last_verified": "2026-05-19",
3389
3396
  "notes": "Bulk-imported v0.13.18 from the canonical MITRE Top 25 + commonly-referenced-class expansion.",
3390
3397
  "_auto_imported": true,
3391
- "_intake_method": "v0.13.18-bulk-mitre-cwe-curated"
3398
+ "_intake_method": "v0.13.18-bulk-mitre-cwe-curated",
3399
+ "skills_referencing": [
3400
+ "log-injection-telemetry"
3401
+ ]
3392
3402
  },
3393
3403
  "CWE-539": {
3394
3404
  "id": "CWE-539",
@@ -3846,7 +3856,8 @@
3846
3856
  "_auto_imported": true,
3847
3857
  "_intake_method": "v0.13.18-bulk-mitre-cwe-curated",
3848
3858
  "skills_referencing": [
3849
- "audit-log-integrity"
3859
+ "audit-log-integrity",
3860
+ "privacy-consent-ops"
3850
3861
  ]
3851
3862
  },
3852
3863
  "CWE-779": {
@@ -4601,5 +4612,25 @@
4601
4612
  "decompression-dos"
4602
4613
  ],
4603
4614
  "evidence_cves": []
4615
+ },
4616
+ "CWE-117": {
4617
+ "id": "CWE-117",
4618
+ "name": "Improper Output Neutralization for Logs",
4619
+ "abstraction": "Base",
4620
+ "category": "Injection",
4621
+ "description": "The product does not neutralize or incorrectly neutralizes output that is written to logs. MITRE-canonical; full text at https://cwe.mitre.org/data/definitions/117.html. Backs the CRLF log-injection / log-forging class on telemetry sinks (forged or split log entries via un-sanitized control characters).",
4622
+ "top_25_rank_2024": null,
4623
+ "top_25_rank_2025": null,
4624
+ "view_memberships": [
4625
+ "CWE-1000"
4626
+ ],
4627
+ "related_attack_patterns_capec": [
4628
+ "CAPEC-93",
4629
+ "CAPEC-268"
4630
+ ],
4631
+ "skills_referencing": [
4632
+ "log-injection-telemetry"
4633
+ ],
4634
+ "evidence_cves": []
4604
4635
  }
4605
4636
  }
package/data/playbooks/audit-log-integrity.json CHANGED
@@ -32,6 +32,9 @@
32
32
  "playbook_id": "framework",
33
33
  "condition": "analyze.compliance_theater_check.verdict == 'theater'"
34
34
  }
35
+ ],
36
+ "fed_by": [
37
+ "log-injection-telemetry"
35
38
  ]
36
39
  },
37
40
  "domain": {
package/data/playbooks/framework.json CHANGED
@@ -60,11 +60,13 @@
60
60
  "kernel",
61
61
  "library-author",
62
62
  "llm-tool-use-exfil",
63
+ "log-injection-telemetry",
63
64
  "mail-server-hardening",
64
65
  "mcp",
65
66
  "multitenancy-isolation",
66
67
  "network-trust",
67
68
  "post-quantum-migration",
69
+ "privacy-consent-ops",
68
70
  "ransomware",
69
71
  "sbom",
70
72
  "self-update-integrity",