@blamejs/exceptd-skills 0.16.25 → 0.16.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +5 -5
- package/ARCHITECTURE.md +3 -3
- package/CHANGELOG.md +14 -0
- package/CONTEXT.md +2 -2
- package/README.md +5 -5
- package/agents/threat-researcher.md +2 -2
- package/data/_indexes/_meta.json +39 -39
- package/data/_indexes/activity-feed.json +240 -240
- package/data/_indexes/catalog-summaries.json +3 -3
- package/data/_indexes/currency.json +64 -64
- package/data/_indexes/recipes.json +1 -1
- package/data/_indexes/section-offsets.json +510 -510
- package/data/_indexes/summary-cards.json +33 -33
- package/data/_indexes/token-budget.json +200 -200
- package/data/atlas-ttps.json +7 -7
- package/data/attack-techniques.json +5 -5
- package/data/framework-control-gaps.json +3 -3
- package/lib/auto-discovery.js +7 -9
- package/lib/cvss.js +108 -0
- package/lib/prefetch.js +97 -5
- package/lib/refresh-external.js +22 -11
- package/lib/schemas/manifest.schema.json +1 -1
- package/lib/schemas/skill-frontmatter.schema.json +1 -1
- package/lib/version-pins.js +3 -3
- package/manifest-snapshot.json +2 -2
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +124 -124
- package/package.json +1 -1
- package/sbom.cdx.json +133 -118
- package/scripts/builders/catalog-summaries.js +1 -1
- package/scripts/builders/recipes.js +1 -1
- package/scripts/run-e2e-scenarios.js +48 -17
- package/skills/age-gates-child-safety/skill.md +3 -3
- package/skills/ai-attack-surface/skill.md +4 -4
- package/skills/ai-c2-detection/skill.md +5 -5
- package/skills/api-security/skill.md +2 -2
- package/skills/attack-surface-pentest/skill.md +4 -4
- package/skills/cloud-security/skill.md +3 -3
- package/skills/compliance-theater/skill.md +3 -3
- package/skills/container-runtime-security/skill.md +3 -3
- package/skills/coordinated-vuln-disclosure/skill.md +2 -2
- package/skills/defensive-countermeasure-mapping/skill.md +3 -3
- package/skills/dlp-gap-analysis/skill.md +5 -5
- package/skills/exploit-scoring/skill.md +2 -2
- package/skills/framework-gap-analysis/skill.md +4 -4
- package/skills/fuzz-testing-strategy/skill.md +2 -2
- package/skills/incident-response-playbook/skill.md +3 -3
- package/skills/mcp-agent-trust/skill.md +2 -2
- package/skills/mlops-security/skill.md +3 -3
- package/skills/ot-ics-security/skill.md +3 -3
- package/skills/policy-exception-gen/skill.md +3 -3
- package/skills/pqc-first/skill.md +2 -2
- package/skills/rag-pipeline-security/skill.md +4 -4
- package/skills/ransomware-response/skill.md +2 -2
- package/skills/sector-energy/skill.md +2 -2
- package/skills/sector-federal-government/skill.md +2 -2
- package/skills/sector-financial/skill.md +4 -4
- package/skills/sector-healthcare/skill.md +3 -3
- package/skills/security-maturity-tiers/skill.md +1 -1
- package/skills/skill-update-loop/skill.md +6 -6
- package/skills/supply-chain-integrity/skill.md +2 -2
- package/skills/threat-model-currency/skill.md +8 -8
- package/skills/threat-modeling-methodology/skill.md +2 -2
- package/skills/webapp-security/skill.md +2 -2
- package/skills/zeroday-gap-learn/skill.md +3 -3
- package/sources/validators/cve-validator.js +12 -13
|
@@ -64,7 +64,7 @@
|
|
|
64
64
|
]
|
|
65
65
|
},
|
|
66
66
|
"ai-attack-surface": {
|
|
67
|
-
"description": "Comprehensive AI/ML attack surface assessment mapped to MITRE ATLAS
|
|
67
|
+
"description": "Comprehensive AI/ML attack surface assessment mapped to MITRE ATLAS v2026.05 with explicit framework gap flags",
|
|
68
68
|
"threat_context_excerpt": "The AI attack surface is not speculative. It is actively exploited. The following are confirmed, documented threats as of mid-2026.",
|
|
69
69
|
"produces": "The assessment produces a structured AI Attack Surface Assessment report. The shape below is consumed downstream by `mcp-agent-trust` (which converts the MCP Trust Assessment section into per-server policy), by `rag-pipeline-security` (which picks up any RAG-pipeline entries from the Surface Inventory), and by `incident-response-playbook` (which scopes IR against the prompt-injection and AI-C2 exposure bands). CSAF-style auditor evidence bundles consume the Framework Gaps and ATLAS TTP Coverage Gaps sections verbatim — preserve the framework-control IDs as cited.\n\n```\n## AI Attack Surface Asse ...",
|
|
70
70
|
"key_xrefs": {
|
|
@@ -119,7 +119,7 @@
|
|
|
119
119
|
"cwe_count": 3,
|
|
120
120
|
"d3fend_count": 5,
|
|
121
121
|
"rfc_count": 0,
|
|
122
|
-
"last_threat_review": "2026-
|
|
122
|
+
"last_threat_review": "2026-06-10",
|
|
123
123
|
"path": "skills/ai-attack-surface/skill.md",
|
|
124
124
|
"handoff_targets": []
|
|
125
125
|
},
|
|
@@ -186,7 +186,7 @@
|
|
|
186
186
|
"cwe_count": 8,
|
|
187
187
|
"d3fend_count": 6,
|
|
188
188
|
"rfc_count": 7,
|
|
189
|
-
"last_threat_review": "2026-
|
|
189
|
+
"last_threat_review": "2026-06-10",
|
|
190
190
|
"path": "skills/mcp-agent-trust/skill.md",
|
|
191
191
|
"handoff_targets": [
|
|
192
192
|
"attack-surface-pentest",
|
|
@@ -216,7 +216,7 @@
|
|
|
216
216
|
"cwe_count": 0,
|
|
217
217
|
"d3fend_count": 0,
|
|
218
218
|
"rfc_count": 0,
|
|
219
|
-
"last_threat_review": "2026-
|
|
219
|
+
"last_threat_review": "2026-06-10",
|
|
220
220
|
"path": "skills/framework-gap-analysis/skill.md",
|
|
221
221
|
"handoff_targets": []
|
|
222
222
|
},
|
|
@@ -245,7 +245,7 @@
|
|
|
245
245
|
"cwe_count": 0,
|
|
246
246
|
"d3fend_count": 0,
|
|
247
247
|
"rfc_count": 0,
|
|
248
|
-
"last_threat_review": "2026-
|
|
248
|
+
"last_threat_review": "2026-06-10",
|
|
249
249
|
"path": "skills/compliance-theater/skill.md",
|
|
250
250
|
"handoff_targets": []
|
|
251
251
|
},
|
|
@@ -272,7 +272,7 @@
|
|
|
272
272
|
"cwe_count": 0,
|
|
273
273
|
"d3fend_count": 0,
|
|
274
274
|
"rfc_count": 0,
|
|
275
|
-
"last_threat_review": "2026-
|
|
275
|
+
"last_threat_review": "2026-06-10",
|
|
276
276
|
"path": "skills/exploit-scoring/skill.md",
|
|
277
277
|
"handoff_targets": []
|
|
278
278
|
},
|
|
@@ -320,7 +320,7 @@
|
|
|
320
320
|
"cwe_count": 2,
|
|
321
321
|
"d3fend_count": 5,
|
|
322
322
|
"rfc_count": 0,
|
|
323
|
-
"last_threat_review": "2026-
|
|
323
|
+
"last_threat_review": "2026-06-10",
|
|
324
324
|
"path": "skills/rag-pipeline-security/skill.md",
|
|
325
325
|
"handoff_targets": [
|
|
326
326
|
"ai-attack-surface",
|
|
@@ -382,7 +382,7 @@
|
|
|
382
382
|
"cwe_count": 1,
|
|
383
383
|
"d3fend_count": 7,
|
|
384
384
|
"rfc_count": 6,
|
|
385
|
-
"last_threat_review": "2026-
|
|
385
|
+
"last_threat_review": "2026-06-10",
|
|
386
386
|
"path": "skills/ai-c2-detection/skill.md",
|
|
387
387
|
"handoff_targets": [
|
|
388
388
|
"attack-surface-pentest",
|
|
@@ -414,7 +414,7 @@
|
|
|
414
414
|
"cwe_count": 1,
|
|
415
415
|
"d3fend_count": 0,
|
|
416
416
|
"rfc_count": 0,
|
|
417
|
-
"last_threat_review": "2026-
|
|
417
|
+
"last_threat_review": "2026-06-10",
|
|
418
418
|
"path": "skills/policy-exception-gen/skill.md",
|
|
419
419
|
"handoff_targets": []
|
|
420
420
|
},
|
|
@@ -438,7 +438,7 @@
|
|
|
438
438
|
"cwe_count": 0,
|
|
439
439
|
"d3fend_count": 0,
|
|
440
440
|
"rfc_count": 0,
|
|
441
|
-
"last_threat_review": "2026-
|
|
441
|
+
"last_threat_review": "2026-06-10",
|
|
442
442
|
"path": "skills/threat-model-currency/skill.md",
|
|
443
443
|
"handoff_targets": []
|
|
444
444
|
},
|
|
@@ -486,7 +486,7 @@
|
|
|
486
486
|
"cwe_count": 0,
|
|
487
487
|
"d3fend_count": 0,
|
|
488
488
|
"rfc_count": 0,
|
|
489
|
-
"last_threat_review": "2026-
|
|
489
|
+
"last_threat_review": "2026-06-10",
|
|
490
490
|
"path": "skills/zeroday-gap-learn/skill.md",
|
|
491
491
|
"handoff_targets": []
|
|
492
492
|
},
|
|
@@ -527,7 +527,7 @@
|
|
|
527
527
|
"cwe_count": 1,
|
|
528
528
|
"d3fend_count": 2,
|
|
529
529
|
"rfc_count": 8,
|
|
530
|
-
"last_threat_review": "2026-
|
|
530
|
+
"last_threat_review": "2026-06-10",
|
|
531
531
|
"path": "skills/pqc-first/skill.md",
|
|
532
532
|
"handoff_targets": []
|
|
533
533
|
},
|
|
@@ -551,7 +551,7 @@
|
|
|
551
551
|
"cwe_count": 0,
|
|
552
552
|
"d3fend_count": 0,
|
|
553
553
|
"rfc_count": 0,
|
|
554
|
-
"last_threat_review": "2026-
|
|
554
|
+
"last_threat_review": "2026-06-10",
|
|
555
555
|
"path": "skills/skill-update-loop/skill.md",
|
|
556
556
|
"handoff_targets": []
|
|
557
557
|
},
|
|
@@ -658,7 +658,7 @@
|
|
|
658
658
|
"cwe_count": 11,
|
|
659
659
|
"d3fend_count": 3,
|
|
660
660
|
"rfc_count": 0,
|
|
661
|
-
"last_threat_review": "2026-
|
|
661
|
+
"last_threat_review": "2026-06-10",
|
|
662
662
|
"path": "skills/attack-surface-pentest/skill.md",
|
|
663
663
|
"handoff_targets": []
|
|
664
664
|
},
|
|
@@ -701,7 +701,7 @@
|
|
|
701
701
|
"cwe_count": 6,
|
|
702
702
|
"d3fend_count": 3,
|
|
703
703
|
"rfc_count": 0,
|
|
704
|
-
"last_threat_review": "2026-
|
|
704
|
+
"last_threat_review": "2026-06-10",
|
|
705
705
|
"path": "skills/fuzz-testing-strategy/skill.md",
|
|
706
706
|
"handoff_targets": []
|
|
707
707
|
},
|
|
@@ -756,7 +756,7 @@
|
|
|
756
756
|
"cwe_count": 2,
|
|
757
757
|
"d3fend_count": 5,
|
|
758
758
|
"rfc_count": 2,
|
|
759
|
-
"last_threat_review": "2026-
|
|
759
|
+
"last_threat_review": "2026-06-10",
|
|
760
760
|
"path": "skills/dlp-gap-analysis/skill.md",
|
|
761
761
|
"handoff_targets": []
|
|
762
762
|
},
|
|
@@ -813,7 +813,7 @@
|
|
|
813
813
|
"cwe_count": 5,
|
|
814
814
|
"d3fend_count": 3,
|
|
815
815
|
"rfc_count": 1,
|
|
816
|
-
"last_threat_review": "2026-
|
|
816
|
+
"last_threat_review": "2026-06-10",
|
|
817
817
|
"path": "skills/supply-chain-integrity/skill.md",
|
|
818
818
|
"handoff_targets": []
|
|
819
819
|
},
|
|
@@ -858,7 +858,7 @@
|
|
|
858
858
|
"cwe_count": 0,
|
|
859
859
|
"d3fend_count": 20,
|
|
860
860
|
"rfc_count": 0,
|
|
861
|
-
"last_threat_review": "2026-
|
|
861
|
+
"last_threat_review": "2026-06-10",
|
|
862
862
|
"path": "skills/defensive-countermeasure-mapping/skill.md",
|
|
863
863
|
"handoff_targets": []
|
|
864
864
|
},
|
|
@@ -964,7 +964,7 @@
|
|
|
964
964
|
"cwe_count": 4,
|
|
965
965
|
"d3fend_count": 0,
|
|
966
966
|
"rfc_count": 0,
|
|
967
|
-
"last_threat_review": "2026-
|
|
967
|
+
"last_threat_review": "2026-06-10",
|
|
968
968
|
"path": "skills/ot-ics-security/skill.md",
|
|
969
969
|
"handoff_targets": [
|
|
970
970
|
"ai-attack-surface",
|
|
@@ -1014,7 +1014,7 @@
|
|
|
1014
1014
|
"cwe_count": 1,
|
|
1015
1015
|
"d3fend_count": 0,
|
|
1016
1016
|
"rfc_count": 4,
|
|
1017
|
-
"last_threat_review": "2026-
|
|
1017
|
+
"last_threat_review": "2026-06-10",
|
|
1018
1018
|
"path": "skills/coordinated-vuln-disclosure/skill.md",
|
|
1019
1019
|
"handoff_targets": [
|
|
1020
1020
|
"attack-surface-pentest",
|
|
@@ -1056,7 +1056,7 @@
|
|
|
1056
1056
|
"cwe_count": 0,
|
|
1057
1057
|
"d3fend_count": 0,
|
|
1058
1058
|
"rfc_count": 0,
|
|
1059
|
-
"last_threat_review": "2026-
|
|
1059
|
+
"last_threat_review": "2026-06-10",
|
|
1060
1060
|
"path": "skills/threat-modeling-methodology/skill.md",
|
|
1061
1061
|
"handoff_targets": [
|
|
1062
1062
|
"ai-attack-surface",
|
|
@@ -1132,7 +1132,7 @@
|
|
|
1132
1132
|
"cwe_count": 17,
|
|
1133
1133
|
"d3fend_count": 5,
|
|
1134
1134
|
"rfc_count": 4,
|
|
1135
|
-
"last_threat_review": "2026-
|
|
1135
|
+
"last_threat_review": "2026-06-10",
|
|
1136
1136
|
"path": "skills/webapp-security/skill.md",
|
|
1137
1137
|
"handoff_targets": [
|
|
1138
1138
|
"ai-attack-surface",
|
|
@@ -1245,7 +1245,7 @@
|
|
|
1245
1245
|
"cwe_count": 4,
|
|
1246
1246
|
"d3fend_count": 3,
|
|
1247
1247
|
"rfc_count": 2,
|
|
1248
|
-
"last_threat_review": "2026-
|
|
1248
|
+
"last_threat_review": "2026-06-10",
|
|
1249
1249
|
"path": "skills/sector-healthcare/skill.md",
|
|
1250
1250
|
"handoff_targets": [
|
|
1251
1251
|
"ai-attack-surface",
|
|
@@ -1314,7 +1314,7 @@
|
|
|
1314
1314
|
"cwe_count": 5,
|
|
1315
1315
|
"d3fend_count": 4,
|
|
1316
1316
|
"rfc_count": 4,
|
|
1317
|
-
"last_threat_review": "2026-
|
|
1317
|
+
"last_threat_review": "2026-06-10",
|
|
1318
1318
|
"path": "skills/sector-financial/skill.md",
|
|
1319
1319
|
"handoff_targets": [
|
|
1320
1320
|
"ai-attack-surface",
|
|
@@ -1373,7 +1373,7 @@
|
|
|
1373
1373
|
"cwe_count": 3,
|
|
1374
1374
|
"d3fend_count": 3,
|
|
1375
1375
|
"rfc_count": 2,
|
|
1376
|
-
"last_threat_review": "2026-
|
|
1376
|
+
"last_threat_review": "2026-06-10",
|
|
1377
1377
|
"path": "skills/sector-federal-government/skill.md",
|
|
1378
1378
|
"handoff_targets": [
|
|
1379
1379
|
"ai-attack-surface",
|
|
@@ -1431,7 +1431,7 @@
|
|
|
1431
1431
|
"cwe_count": 4,
|
|
1432
1432
|
"d3fend_count": 5,
|
|
1433
1433
|
"rfc_count": 0,
|
|
1434
|
-
"last_threat_review": "2026-
|
|
1434
|
+
"last_threat_review": "2026-06-10",
|
|
1435
1435
|
"path": "skills/sector-energy/skill.md",
|
|
1436
1436
|
"handoff_targets": [
|
|
1437
1437
|
"ai-attack-surface",
|
|
@@ -1562,7 +1562,7 @@
|
|
|
1562
1562
|
"cwe_count": 9,
|
|
1563
1563
|
"d3fend_count": 5,
|
|
1564
1564
|
"rfc_count": 7,
|
|
1565
|
-
"last_threat_review": "2026-
|
|
1565
|
+
"last_threat_review": "2026-06-10",
|
|
1566
1566
|
"path": "skills/api-security/skill.md",
|
|
1567
1567
|
"handoff_targets": [
|
|
1568
1568
|
"ai-c2-detection",
|
|
@@ -1627,7 +1627,7 @@
|
|
|
1627
1627
|
"cwe_count": 6,
|
|
1628
1628
|
"d3fend_count": 5,
|
|
1629
1629
|
"rfc_count": 4,
|
|
1630
|
-
"last_threat_review": "2026-
|
|
1630
|
+
"last_threat_review": "2026-06-10",
|
|
1631
1631
|
"path": "skills/cloud-security/skill.md",
|
|
1632
1632
|
"handoff_targets": [
|
|
1633
1633
|
"ai-c2-detection",
|
|
@@ -1694,7 +1694,7 @@
|
|
|
1694
1694
|
"cwe_count": 5,
|
|
1695
1695
|
"d3fend_count": 6,
|
|
1696
1696
|
"rfc_count": 2,
|
|
1697
|
-
"last_threat_review": "2026-
|
|
1697
|
+
"last_threat_review": "2026-06-10",
|
|
1698
1698
|
"path": "skills/container-runtime-security/skill.md",
|
|
1699
1699
|
"handoff_targets": [
|
|
1700
1700
|
"ai-attack-surface",
|
|
@@ -1765,7 +1765,7 @@
|
|
|
1765
1765
|
"cwe_count": 4,
|
|
1766
1766
|
"d3fend_count": 3,
|
|
1767
1767
|
"rfc_count": 1,
|
|
1768
|
-
"last_threat_review": "2026-
|
|
1768
|
+
"last_threat_review": "2026-06-10",
|
|
1769
1769
|
"path": "skills/mlops-security/skill.md",
|
|
1770
1770
|
"handoff_targets": [
|
|
1771
1771
|
"ai-attack-surface",
|
|
@@ -1822,7 +1822,7 @@
|
|
|
1822
1822
|
"cwe_count": 0,
|
|
1823
1823
|
"d3fend_count": 4,
|
|
1824
1824
|
"rfc_count": 3,
|
|
1825
|
-
"last_threat_review": "2026-
|
|
1825
|
+
"last_threat_review": "2026-06-10",
|
|
1826
1826
|
"path": "skills/incident-response-playbook/skill.md",
|
|
1827
1827
|
"handoff_targets": [
|
|
1828
1828
|
"ai-attack-surface",
|
|
@@ -1884,7 +1884,7 @@
|
|
|
1884
1884
|
"cwe_count": 2,
|
|
1885
1885
|
"d3fend_count": 4,
|
|
1886
1886
|
"rfc_count": 0,
|
|
1887
|
-
"last_threat_review": "2026-
|
|
1887
|
+
"last_threat_review": "2026-06-10",
|
|
1888
1888
|
"path": "skills/ransomware-response/skill.md",
|
|
1889
1889
|
"handoff_targets": [
|
|
1890
1890
|
"compliance-theater",
|
|
@@ -1991,7 +1991,7 @@
|
|
|
1991
1991
|
"cwe_count": 3,
|
|
1992
1992
|
"d3fend_count": 3,
|
|
1993
1993
|
"rfc_count": 0,
|
|
1994
|
-
"last_threat_review": "2026-
|
|
1994
|
+
"last_threat_review": "2026-06-10",
|
|
1995
1995
|
"path": "skills/age-gates-child-safety/skill.md",
|
|
1996
1996
|
"handoff_targets": [
|
|
1997
1997
|
"ai-attack-surface",
|