@blamejs/exceptd-skills 0.16.17 → 0.16.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +3 -1
- package/CHANGELOG.md +8 -0
- package/README.md +5 -5
- package/bin/exceptd.js +3 -1
- package/data/_indexes/_meta.json +17 -15
- package/data/_indexes/activity-feed.json +17 -3
- package/data/_indexes/catalog-summaries.json +1 -1
- package/data/_indexes/chains.json +14784 -1833
- package/data/_indexes/currency.json +19 -1
- package/data/_indexes/frequency.json +138 -86
- package/data/_indexes/handoff-dag.json +9 -1
- package/data/_indexes/jurisdiction-map.json +9 -3
- package/data/_indexes/section-offsets.json +170 -0
- package/data/_indexes/stale-content.json +1 -1
- package/data/_indexes/summary-cards.json +77 -0
- package/data/_indexes/token-budget.json +103 -3
- package/data/_indexes/trigger-table.json +93 -0
- package/data/_indexes/xref.json +38 -7
- package/data/cwe-catalog.json +35 -4
- package/data/playbooks/audit-log-integrity.json +3 -0
- package/data/playbooks/framework.json +2 -0
- package/data/playbooks/log-injection-telemetry.json +619 -0
- package/data/playbooks/privacy-consent-ops.json +605 -0
- package/data/playbooks/secrets.json +1 -0
- package/manifest-snapshot.json +104 -2
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +161 -51
- package/package.json +2 -2
- package/sbom.cdx.json +92 -32
- package/skills/log-injection-telemetry/skill.md +80 -0
- package/skills/privacy-consent-ops/skill.md +80 -0
package/manifest-snapshot.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"_comment": "Auto-generated by scripts/refresh-manifest-snapshot.js — do not hand-edit. Public skill surface used by check-manifest-snapshot.js to detect breaking removals.",
|
|
3
|
-
"_generated_at": "2026-06-02T19:
|
|
3
|
+
"_generated_at": "2026-06-02T19:58:16.286Z",
|
|
4
4
|
"atlas_version": "5.6.0",
|
|
5
|
-
"skill_count":
|
|
5
|
+
"skill_count": 51,
|
|
6
6
|
"skills": [
|
|
7
7
|
{
|
|
8
8
|
"name": "age-gates-child-safety",
|
|
@@ -1251,6 +1251,57 @@
|
|
|
1251
1251
|
],
|
|
1252
1252
|
"dlp_refs": []
|
|
1253
1253
|
},
|
|
1254
|
+
{
|
|
1255
|
+
"name": "log-injection-telemetry",
|
|
1256
|
+
"version": "1.0.0",
|
|
1257
|
+
"triggers": [
|
|
1258
|
+
"cloudwatch",
|
|
1259
|
+
"crlf injection",
|
|
1260
|
+
"exporter ssrf",
|
|
1261
|
+
"log forging",
|
|
1262
|
+
"log injection",
|
|
1263
|
+
"log redaction",
|
|
1264
|
+
"log sink",
|
|
1265
|
+
"metrics endpoint exposure",
|
|
1266
|
+
"observability security",
|
|
1267
|
+
"otlp exporter",
|
|
1268
|
+
"prometheus exposure",
|
|
1269
|
+
"secrets in logs",
|
|
1270
|
+
"telemetry exfiltration",
|
|
1271
|
+
"telemetry integrity",
|
|
1272
|
+
"webhook sink"
|
|
1273
|
+
],
|
|
1274
|
+
"data_deps": [
|
|
1275
|
+
"atlas-ttps.json",
|
|
1276
|
+
"attack-techniques.json",
|
|
1277
|
+
"cve-catalog.json",
|
|
1278
|
+
"cwe-catalog.json",
|
|
1279
|
+
"framework-control-gaps.json",
|
|
1280
|
+
"rfc-references.json"
|
|
1281
|
+
],
|
|
1282
|
+
"atlas_refs": [],
|
|
1283
|
+
"attack_refs": [
|
|
1284
|
+
"T1213",
|
|
1285
|
+
"T1530",
|
|
1286
|
+
"T1565.001"
|
|
1287
|
+
],
|
|
1288
|
+
"framework_gaps": [
|
|
1289
|
+
"AU-ISM-1556",
|
|
1290
|
+
"ISO-27001-2022-A.8.15",
|
|
1291
|
+
"NIS2-Art21-network-security",
|
|
1292
|
+
"NIST-800-53-SI-2",
|
|
1293
|
+
"UK-CAF-B4"
|
|
1294
|
+
],
|
|
1295
|
+
"rfc_refs": [],
|
|
1296
|
+
"cwe_refs": [
|
|
1297
|
+
"CWE-117",
|
|
1298
|
+
"CWE-200",
|
|
1299
|
+
"CWE-532",
|
|
1300
|
+
"CWE-918"
|
|
1301
|
+
],
|
|
1302
|
+
"d3fend_refs": [],
|
|
1303
|
+
"dlp_refs": []
|
|
1304
|
+
},
|
|
1254
1305
|
{
|
|
1255
1306
|
"name": "mail-server-hardening",
|
|
1256
1307
|
"version": "1.0.0",
|
|
@@ -1665,6 +1716,57 @@
|
|
|
1665
1716
|
],
|
|
1666
1717
|
"dlp_refs": []
|
|
1667
1718
|
},
|
|
1719
|
+
{
|
|
1720
|
+
"name": "privacy-consent-ops",
|
|
1721
|
+
"version": "1.0.0",
|
|
1722
|
+
"triggers": [
|
|
1723
|
+
"confusable normalization",
|
|
1724
|
+
"consent integrity",
|
|
1725
|
+
"consent string",
|
|
1726
|
+
"data subject request",
|
|
1727
|
+
"dsr",
|
|
1728
|
+
"gdpr article 17",
|
|
1729
|
+
"homoglyph evasion",
|
|
1730
|
+
"iab tcf",
|
|
1731
|
+
"mspa",
|
|
1732
|
+
"ofac screening",
|
|
1733
|
+
"privacy operations",
|
|
1734
|
+
"record of processing",
|
|
1735
|
+
"right to be forgotten",
|
|
1736
|
+
"right to erasure",
|
|
1737
|
+
"ropa",
|
|
1738
|
+
"sanctions screening"
|
|
1739
|
+
],
|
|
1740
|
+
"data_deps": [
|
|
1741
|
+
"atlas-ttps.json",
|
|
1742
|
+
"attack-techniques.json",
|
|
1743
|
+
"cve-catalog.json",
|
|
1744
|
+
"cwe-catalog.json",
|
|
1745
|
+
"framework-control-gaps.json",
|
|
1746
|
+
"rfc-references.json"
|
|
1747
|
+
],
|
|
1748
|
+
"atlas_refs": [],
|
|
1749
|
+
"attack_refs": [
|
|
1750
|
+
"T1036",
|
|
1751
|
+
"T1070",
|
|
1752
|
+
"T1565.001"
|
|
1753
|
+
],
|
|
1754
|
+
"framework_gaps": [
|
|
1755
|
+
"AU-ISM-1556",
|
|
1756
|
+
"NIS2-Art21-network-security",
|
|
1757
|
+
"NIST-800-53-SI-2",
|
|
1758
|
+
"UK-CAF-B4"
|
|
1759
|
+
],
|
|
1760
|
+
"rfc_refs": [],
|
|
1761
|
+
"cwe_refs": [
|
|
1762
|
+
"CWE-345",
|
|
1763
|
+
"CWE-672",
|
|
1764
|
+
"CWE-778",
|
|
1765
|
+
"CWE-807"
|
|
1766
|
+
],
|
|
1767
|
+
"d3fend_refs": [],
|
|
1768
|
+
"dlp_refs": []
|
|
1769
|
+
},
|
|
1668
1770
|
{
|
|
1669
1771
|
"name": "rag-pipeline-security",
|
|
1670
1772
|
"version": "1.0.0",
|
package/manifest-snapshot.sha256
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
faa01f939b1473c436cd81d614612593e92034e1119518e4e44f61e37b35de8b manifest-snapshot.json
|