@blamejs/exceptd-skills 0.16.24 → 0.16.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +5 -5
- package/ARCHITECTURE.md +3 -3
- package/CHANGELOG.md +18 -0
- package/CONTEXT.md +2 -2
- package/README.md +5 -5
- package/agents/threat-researcher.md +2 -2
- package/data/_indexes/_meta.json +39 -39
- package/data/_indexes/activity-feed.json +240 -240
- package/data/_indexes/catalog-summaries.json +3 -3
- package/data/_indexes/currency.json +64 -64
- package/data/_indexes/recipes.json +1 -1
- package/data/_indexes/section-offsets.json +510 -510
- package/data/_indexes/summary-cards.json +33 -33
- package/data/_indexes/token-budget.json +200 -200
- package/data/atlas-ttps.json +7 -7
- package/data/attack-techniques.json +5 -5
- package/data/framework-control-gaps.json +3 -3
- package/lib/auto-discovery.js +7 -9
- package/lib/cvss.js +108 -0
- package/lib/prefetch.js +97 -5
- package/lib/refresh-external.js +62 -26
- package/lib/schemas/manifest.schema.json +1 -1
- package/lib/schemas/skill-frontmatter.schema.json +1 -1
- package/lib/version-pins.js +3 -3
- package/manifest-snapshot.json +2 -2
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +124 -124
- package/package.json +1 -1
- package/sbom.cdx.json +133 -118
- package/scripts/builders/catalog-summaries.js +1 -1
- package/scripts/builders/recipes.js +1 -1
- package/scripts/run-e2e-scenarios.js +48 -17
- package/skills/age-gates-child-safety/skill.md +3 -3
- package/skills/ai-attack-surface/skill.md +4 -4
- package/skills/ai-c2-detection/skill.md +5 -5
- package/skills/api-security/skill.md +2 -2
- package/skills/attack-surface-pentest/skill.md +4 -4
- package/skills/cloud-security/skill.md +3 -3
- package/skills/compliance-theater/skill.md +3 -3
- package/skills/container-runtime-security/skill.md +3 -3
- package/skills/coordinated-vuln-disclosure/skill.md +2 -2
- package/skills/defensive-countermeasure-mapping/skill.md +3 -3
- package/skills/dlp-gap-analysis/skill.md +5 -5
- package/skills/exploit-scoring/skill.md +2 -2
- package/skills/framework-gap-analysis/skill.md +4 -4
- package/skills/fuzz-testing-strategy/skill.md +2 -2
- package/skills/incident-response-playbook/skill.md +3 -3
- package/skills/mcp-agent-trust/skill.md +2 -2
- package/skills/mlops-security/skill.md +3 -3
- package/skills/ot-ics-security/skill.md +3 -3
- package/skills/policy-exception-gen/skill.md +3 -3
- package/skills/pqc-first/skill.md +2 -2
- package/skills/rag-pipeline-security/skill.md +4 -4
- package/skills/ransomware-response/skill.md +2 -2
- package/skills/sector-energy/skill.md +2 -2
- package/skills/sector-federal-government/skill.md +2 -2
- package/skills/sector-financial/skill.md +4 -4
- package/skills/sector-healthcare/skill.md +3 -3
- package/skills/security-maturity-tiers/skill.md +1 -1
- package/skills/skill-update-loop/skill.md +6 -6
- package/skills/supply-chain-integrity/skill.md +2 -2
- package/skills/threat-model-currency/skill.md +8 -8
- package/skills/threat-modeling-methodology/skill.md +2 -2
- package/skills/webapp-security/skill.md +2 -2
- package/skills/zeroday-gap-learn/skill.md +3 -3
- package/sources/validators/cve-validator.js +12 -13
|
@@ -15,8 +15,8 @@
|
|
|
15
15
|
"skills": [
|
|
16
16
|
{
|
|
17
17
|
"skill": "age-gates-child-safety",
|
|
18
|
-
"last_threat_review": "2026-
|
|
19
|
-
"days_since_review":
|
|
18
|
+
"last_threat_review": "2026-06-10",
|
|
19
|
+
"days_since_review": -26,
|
|
20
20
|
"currency_score": 100,
|
|
21
21
|
"currency_label": "current",
|
|
22
22
|
"forward_watch_count": 10,
|
|
@@ -24,8 +24,8 @@
|
|
|
24
24
|
},
|
|
25
25
|
{
|
|
26
26
|
"skill": "ai-attack-surface",
|
|
27
|
-
"last_threat_review": "2026-
|
|
28
|
-
"days_since_review": -
|
|
27
|
+
"last_threat_review": "2026-06-10",
|
|
28
|
+
"days_since_review": -26,
|
|
29
29
|
"currency_score": 100,
|
|
30
30
|
"currency_label": "current",
|
|
31
31
|
"forward_watch_count": 8,
|
|
@@ -33,8 +33,8 @@
|
|
|
33
33
|
},
|
|
34
34
|
{
|
|
35
35
|
"skill": "ai-c2-detection",
|
|
36
|
-
"last_threat_review": "2026-
|
|
37
|
-
"days_since_review": -
|
|
36
|
+
"last_threat_review": "2026-06-10",
|
|
37
|
+
"days_since_review": -26,
|
|
38
38
|
"currency_score": 100,
|
|
39
39
|
"currency_label": "current",
|
|
40
40
|
"forward_watch_count": 0,
|
|
@@ -51,8 +51,8 @@
|
|
|
51
51
|
},
|
|
52
52
|
{
|
|
53
53
|
"skill": "api-security",
|
|
54
|
-
"last_threat_review": "2026-
|
|
55
|
-
"days_since_review": -
|
|
54
|
+
"last_threat_review": "2026-06-10",
|
|
55
|
+
"days_since_review": -26,
|
|
56
56
|
"currency_score": 100,
|
|
57
57
|
"currency_label": "current",
|
|
58
58
|
"forward_watch_count": 3,
|
|
@@ -60,8 +60,8 @@
|
|
|
60
60
|
},
|
|
61
61
|
{
|
|
62
62
|
"skill": "attack-surface-pentest",
|
|
63
|
-
"last_threat_review": "2026-
|
|
64
|
-
"days_since_review":
|
|
63
|
+
"last_threat_review": "2026-06-10",
|
|
64
|
+
"days_since_review": -26,
|
|
65
65
|
"currency_score": 100,
|
|
66
66
|
"currency_label": "current",
|
|
67
67
|
"forward_watch_count": 5,
|
|
@@ -87,8 +87,8 @@
|
|
|
87
87
|
},
|
|
88
88
|
{
|
|
89
89
|
"skill": "cloud-security",
|
|
90
|
-
"last_threat_review": "2026-
|
|
91
|
-
"days_since_review":
|
|
90
|
+
"last_threat_review": "2026-06-10",
|
|
91
|
+
"days_since_review": -26,
|
|
92
92
|
"currency_score": 100,
|
|
93
93
|
"currency_label": "current",
|
|
94
94
|
"forward_watch_count": 14,
|
|
@@ -96,8 +96,8 @@
|
|
|
96
96
|
},
|
|
97
97
|
{
|
|
98
98
|
"skill": "compliance-theater",
|
|
99
|
-
"last_threat_review": "2026-
|
|
100
|
-
"days_since_review": -
|
|
99
|
+
"last_threat_review": "2026-06-10",
|
|
100
|
+
"days_since_review": -26,
|
|
101
101
|
"currency_score": 100,
|
|
102
102
|
"currency_label": "current",
|
|
103
103
|
"forward_watch_count": 0,
|
|
@@ -105,8 +105,8 @@
|
|
|
105
105
|
},
|
|
106
106
|
{
|
|
107
107
|
"skill": "container-runtime-security",
|
|
108
|
-
"last_threat_review": "2026-
|
|
109
|
-
"days_since_review":
|
|
108
|
+
"last_threat_review": "2026-06-10",
|
|
109
|
+
"days_since_review": -26,
|
|
110
110
|
"currency_score": 100,
|
|
111
111
|
"currency_label": "current",
|
|
112
112
|
"forward_watch_count": 1,
|
|
@@ -114,8 +114,8 @@
|
|
|
114
114
|
},
|
|
115
115
|
{
|
|
116
116
|
"skill": "coordinated-vuln-disclosure",
|
|
117
|
-
"last_threat_review": "2026-
|
|
118
|
-
"days_since_review":
|
|
117
|
+
"last_threat_review": "2026-06-10",
|
|
118
|
+
"days_since_review": -26,
|
|
119
119
|
"currency_score": 100,
|
|
120
120
|
"currency_label": "current",
|
|
121
121
|
"forward_watch_count": 6,
|
|
@@ -132,8 +132,8 @@
|
|
|
132
132
|
},
|
|
133
133
|
{
|
|
134
134
|
"skill": "defensive-countermeasure-mapping",
|
|
135
|
-
"last_threat_review": "2026-
|
|
136
|
-
"days_since_review":
|
|
135
|
+
"last_threat_review": "2026-06-10",
|
|
136
|
+
"days_since_review": -26,
|
|
137
137
|
"currency_score": 100,
|
|
138
138
|
"currency_label": "current",
|
|
139
139
|
"forward_watch_count": 0,
|
|
@@ -141,8 +141,8 @@
|
|
|
141
141
|
},
|
|
142
142
|
{
|
|
143
143
|
"skill": "dlp-gap-analysis",
|
|
144
|
-
"last_threat_review": "2026-
|
|
145
|
-
"days_since_review":
|
|
144
|
+
"last_threat_review": "2026-06-10",
|
|
145
|
+
"days_since_review": -26,
|
|
146
146
|
"currency_score": 100,
|
|
147
147
|
"currency_label": "current",
|
|
148
148
|
"forward_watch_count": 5,
|
|
@@ -159,8 +159,8 @@
|
|
|
159
159
|
},
|
|
160
160
|
{
|
|
161
161
|
"skill": "exploit-scoring",
|
|
162
|
-
"last_threat_review": "2026-
|
|
163
|
-
"days_since_review": -
|
|
162
|
+
"last_threat_review": "2026-06-10",
|
|
163
|
+
"days_since_review": -26,
|
|
164
164
|
"currency_score": 100,
|
|
165
165
|
"currency_label": "current",
|
|
166
166
|
"forward_watch_count": 0,
|
|
@@ -168,8 +168,8 @@
|
|
|
168
168
|
},
|
|
169
169
|
{
|
|
170
170
|
"skill": "framework-gap-analysis",
|
|
171
|
-
"last_threat_review": "2026-
|
|
172
|
-
"days_since_review": -
|
|
171
|
+
"last_threat_review": "2026-06-10",
|
|
172
|
+
"days_since_review": -26,
|
|
173
173
|
"currency_score": 100,
|
|
174
174
|
"currency_label": "current",
|
|
175
175
|
"forward_watch_count": 0,
|
|
@@ -177,8 +177,8 @@
|
|
|
177
177
|
},
|
|
178
178
|
{
|
|
179
179
|
"skill": "fuzz-testing-strategy",
|
|
180
|
-
"last_threat_review": "2026-
|
|
181
|
-
"days_since_review":
|
|
180
|
+
"last_threat_review": "2026-06-10",
|
|
181
|
+
"days_since_review": -26,
|
|
182
182
|
"currency_score": 100,
|
|
183
183
|
"currency_label": "current",
|
|
184
184
|
"forward_watch_count": 4,
|
|
@@ -213,8 +213,8 @@
|
|
|
213
213
|
},
|
|
214
214
|
{
|
|
215
215
|
"skill": "incident-response-playbook",
|
|
216
|
-
"last_threat_review": "2026-
|
|
217
|
-
"days_since_review": -
|
|
216
|
+
"last_threat_review": "2026-06-10",
|
|
217
|
+
"days_since_review": -26,
|
|
218
218
|
"currency_score": 100,
|
|
219
219
|
"currency_label": "current",
|
|
220
220
|
"forward_watch_count": 8,
|
|
@@ -249,8 +249,8 @@
|
|
|
249
249
|
},
|
|
250
250
|
{
|
|
251
251
|
"skill": "mcp-agent-trust",
|
|
252
|
-
"last_threat_review": "2026-
|
|
253
|
-
"days_since_review": -
|
|
252
|
+
"last_threat_review": "2026-06-10",
|
|
253
|
+
"days_since_review": -26,
|
|
254
254
|
"currency_score": 100,
|
|
255
255
|
"currency_label": "current",
|
|
256
256
|
"forward_watch_count": 4,
|
|
@@ -258,8 +258,8 @@
|
|
|
258
258
|
},
|
|
259
259
|
{
|
|
260
260
|
"skill": "mlops-security",
|
|
261
|
-
"last_threat_review": "2026-
|
|
262
|
-
"days_since_review": -
|
|
261
|
+
"last_threat_review": "2026-06-10",
|
|
262
|
+
"days_since_review": -26,
|
|
263
263
|
"currency_score": 100,
|
|
264
264
|
"currency_label": "current",
|
|
265
265
|
"forward_watch_count": 6,
|
|
@@ -285,8 +285,8 @@
|
|
|
285
285
|
},
|
|
286
286
|
{
|
|
287
287
|
"skill": "ot-ics-security",
|
|
288
|
-
"last_threat_review": "2026-
|
|
289
|
-
"days_since_review":
|
|
288
|
+
"last_threat_review": "2026-06-10",
|
|
289
|
+
"days_since_review": -26,
|
|
290
290
|
"currency_score": 100,
|
|
291
291
|
"currency_label": "current",
|
|
292
292
|
"forward_watch_count": 0,
|
|
@@ -294,8 +294,8 @@
|
|
|
294
294
|
},
|
|
295
295
|
{
|
|
296
296
|
"skill": "policy-exception-gen",
|
|
297
|
-
"last_threat_review": "2026-
|
|
298
|
-
"days_since_review": -
|
|
297
|
+
"last_threat_review": "2026-06-10",
|
|
298
|
+
"days_since_review": -26,
|
|
299
299
|
"currency_score": 100,
|
|
300
300
|
"currency_label": "current",
|
|
301
301
|
"forward_watch_count": 4,
|
|
@@ -303,8 +303,8 @@
|
|
|
303
303
|
},
|
|
304
304
|
{
|
|
305
305
|
"skill": "pqc-first",
|
|
306
|
-
"last_threat_review": "2026-
|
|
307
|
-
"days_since_review": -
|
|
306
|
+
"last_threat_review": "2026-06-10",
|
|
307
|
+
"days_since_review": -26,
|
|
308
308
|
"currency_score": 100,
|
|
309
309
|
"currency_label": "current",
|
|
310
310
|
"forward_watch_count": 11,
|
|
@@ -321,8 +321,8 @@
|
|
|
321
321
|
},
|
|
322
322
|
{
|
|
323
323
|
"skill": "rag-pipeline-security",
|
|
324
|
-
"last_threat_review": "2026-
|
|
325
|
-
"days_since_review": -
|
|
324
|
+
"last_threat_review": "2026-06-10",
|
|
325
|
+
"days_since_review": -26,
|
|
326
326
|
"currency_score": 100,
|
|
327
327
|
"currency_label": "current",
|
|
328
328
|
"forward_watch_count": 1,
|
|
@@ -330,8 +330,8 @@
|
|
|
330
330
|
},
|
|
331
331
|
{
|
|
332
332
|
"skill": "ransomware-response",
|
|
333
|
-
"last_threat_review": "2026-
|
|
334
|
-
"days_since_review": -
|
|
333
|
+
"last_threat_review": "2026-06-10",
|
|
334
|
+
"days_since_review": -26,
|
|
335
335
|
"currency_score": 100,
|
|
336
336
|
"currency_label": "current",
|
|
337
337
|
"forward_watch_count": 10,
|
|
@@ -348,8 +348,8 @@
|
|
|
348
348
|
},
|
|
349
349
|
{
|
|
350
350
|
"skill": "sector-energy",
|
|
351
|
-
"last_threat_review": "2026-
|
|
352
|
-
"days_since_review":
|
|
351
|
+
"last_threat_review": "2026-06-10",
|
|
352
|
+
"days_since_review": -26,
|
|
353
353
|
"currency_score": 100,
|
|
354
354
|
"currency_label": "current",
|
|
355
355
|
"forward_watch_count": 8,
|
|
@@ -357,8 +357,8 @@
|
|
|
357
357
|
},
|
|
358
358
|
{
|
|
359
359
|
"skill": "sector-federal-government",
|
|
360
|
-
"last_threat_review": "2026-
|
|
361
|
-
"days_since_review":
|
|
360
|
+
"last_threat_review": "2026-06-10",
|
|
361
|
+
"days_since_review": -26,
|
|
362
362
|
"currency_score": 100,
|
|
363
363
|
"currency_label": "current",
|
|
364
364
|
"forward_watch_count": 10,
|
|
@@ -366,8 +366,8 @@
|
|
|
366
366
|
},
|
|
367
367
|
{
|
|
368
368
|
"skill": "sector-financial",
|
|
369
|
-
"last_threat_review": "2026-
|
|
370
|
-
"days_since_review":
|
|
369
|
+
"last_threat_review": "2026-06-10",
|
|
370
|
+
"days_since_review": -26,
|
|
371
371
|
"currency_score": 100,
|
|
372
372
|
"currency_label": "current",
|
|
373
373
|
"forward_watch_count": 12,
|
|
@@ -375,8 +375,8 @@
|
|
|
375
375
|
},
|
|
376
376
|
{
|
|
377
377
|
"skill": "sector-healthcare",
|
|
378
|
-
"last_threat_review": "2026-
|
|
379
|
-
"days_since_review":
|
|
378
|
+
"last_threat_review": "2026-06-10",
|
|
379
|
+
"days_since_review": -26,
|
|
380
380
|
"currency_score": 100,
|
|
381
381
|
"currency_label": "current",
|
|
382
382
|
"forward_watch_count": 0,
|
|
@@ -411,8 +411,8 @@
|
|
|
411
411
|
},
|
|
412
412
|
{
|
|
413
413
|
"skill": "skill-update-loop",
|
|
414
|
-
"last_threat_review": "2026-
|
|
415
|
-
"days_since_review": -
|
|
414
|
+
"last_threat_review": "2026-06-10",
|
|
415
|
+
"days_since_review": -26,
|
|
416
416
|
"currency_score": 100,
|
|
417
417
|
"currency_label": "current",
|
|
418
418
|
"forward_watch_count": 7,
|
|
@@ -420,8 +420,8 @@
|
|
|
420
420
|
},
|
|
421
421
|
{
|
|
422
422
|
"skill": "supply-chain-integrity",
|
|
423
|
-
"last_threat_review": "2026-
|
|
424
|
-
"days_since_review":
|
|
423
|
+
"last_threat_review": "2026-06-10",
|
|
424
|
+
"days_since_review": -26,
|
|
425
425
|
"currency_score": 100,
|
|
426
426
|
"currency_label": "current",
|
|
427
427
|
"forward_watch_count": 8,
|
|
@@ -429,8 +429,8 @@
|
|
|
429
429
|
},
|
|
430
430
|
{
|
|
431
431
|
"skill": "threat-model-currency",
|
|
432
|
-
"last_threat_review": "2026-
|
|
433
|
-
"days_since_review": -
|
|
432
|
+
"last_threat_review": "2026-06-10",
|
|
433
|
+
"days_since_review": -26,
|
|
434
434
|
"currency_score": 100,
|
|
435
435
|
"currency_label": "current",
|
|
436
436
|
"forward_watch_count": 5,
|
|
@@ -438,8 +438,8 @@
|
|
|
438
438
|
},
|
|
439
439
|
{
|
|
440
440
|
"skill": "threat-modeling-methodology",
|
|
441
|
-
"last_threat_review": "2026-
|
|
442
|
-
"days_since_review":
|
|
441
|
+
"last_threat_review": "2026-06-10",
|
|
442
|
+
"days_since_review": -26,
|
|
443
443
|
"currency_score": 100,
|
|
444
444
|
"currency_label": "current",
|
|
445
445
|
"forward_watch_count": 6,
|
|
@@ -456,8 +456,8 @@
|
|
|
456
456
|
},
|
|
457
457
|
{
|
|
458
458
|
"skill": "webapp-security",
|
|
459
|
-
"last_threat_review": "2026-
|
|
460
|
-
"days_since_review":
|
|
459
|
+
"last_threat_review": "2026-06-10",
|
|
460
|
+
"days_since_review": -26,
|
|
461
461
|
"currency_score": 100,
|
|
462
462
|
"currency_label": "current",
|
|
463
463
|
"forward_watch_count": 1,
|
|
@@ -465,8 +465,8 @@
|
|
|
465
465
|
},
|
|
466
466
|
{
|
|
467
467
|
"skill": "zeroday-gap-learn",
|
|
468
|
-
"last_threat_review": "2026-
|
|
469
|
-
"days_since_review": -
|
|
468
|
+
"last_threat_review": "2026-06-10",
|
|
469
|
+
"days_since_review": -26,
|
|
470
470
|
"currency_score": 100,
|
|
471
471
|
"currency_label": "current",
|
|
472
472
|
"forward_watch_count": 4,
|
|
@@ -19,7 +19,7 @@
|
|
|
19
19
|
"steps": [
|
|
20
20
|
{
|
|
21
21
|
"skill": "ai-attack-surface",
|
|
22
|
-
"why": "Comprehensive attack-surface inventory mapped to ATLAS
|
|
22
|
+
"why": "Comprehensive attack-surface inventory mapped to ATLAS v2026.05 with gap flags."
|
|
23
23
|
},
|
|
24
24
|
{
|
|
25
25
|
"skill": "ai-c2-detection",
|