@blamejs/exceptd-skills 0.16.25 → 0.16.29
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +5 -5
- package/ARCHITECTURE.md +3 -3
- package/CHANGELOG.md +28 -0
- package/CONTEXT.md +2 -2
- package/README.md +6 -6
- package/agents/threat-researcher.md +2 -2
- package/bin/exceptd.js +41 -8
- package/data/_indexes/_meta.json +41 -40
- package/data/_indexes/activity-feed.json +240 -240
- package/data/_indexes/catalog-summaries.json +3 -3
- package/data/_indexes/currency.json +64 -64
- package/data/_indexes/jurisdiction-map.json +31 -158
- package/data/_indexes/recipes.json +1 -1
- package/data/_indexes/section-offsets.json +510 -510
- package/data/_indexes/summary-cards.json +33 -33
- package/data/_indexes/token-budget.json +200 -200
- package/data/atlas-ttps.json +7 -7
- package/data/attack-techniques.json +5 -5
- package/data/framework-control-gaps.json +3 -3
- package/lib/auto-discovery.js +15 -9
- package/lib/collectors/library-author.js +26 -9
- package/lib/collectors/secrets.js +8 -1
- package/lib/cvss.js +108 -0
- package/lib/lint-skills.js +6 -1
- package/lib/playbook-runner.js +17 -4
- package/lib/prefetch.js +97 -5
- package/lib/refresh-external.js +25 -13
- package/lib/schemas/manifest.schema.json +1 -1
- package/lib/schemas/skill-frontmatter.schema.json +1 -1
- package/lib/validate-indexes.js +5 -0
- package/lib/version-pins.js +3 -3
- package/manifest-snapshot.json +2 -2
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +124 -124
- package/orchestrator/pipeline.js +16 -4
- package/package.json +1 -1
- package/sbom.cdx.json +170 -140
- package/scripts/build-indexes.js +12 -1
- package/scripts/builders/catalog-summaries.js +1 -1
- package/scripts/builders/recipes.js +1 -1
- package/scripts/check-sbom-currency.js +76 -14
- package/scripts/refresh-sbom.js +1 -1
- package/scripts/run-e2e-scenarios.js +48 -17
- package/scripts/sync-package-description.js +74 -0
- package/scripts/verify-shipped-tarball.js +18 -7
- package/skills/age-gates-child-safety/skill.md +3 -3
- package/skills/ai-attack-surface/skill.md +4 -4
- package/skills/ai-c2-detection/skill.md +5 -5
- package/skills/api-security/skill.md +2 -2
- package/skills/attack-surface-pentest/skill.md +4 -4
- package/skills/cloud-security/skill.md +3 -3
- package/skills/compliance-theater/skill.md +3 -3
- package/skills/container-runtime-security/skill.md +3 -3
- package/skills/coordinated-vuln-disclosure/skill.md +2 -2
- package/skills/defensive-countermeasure-mapping/skill.md +3 -3
- package/skills/dlp-gap-analysis/skill.md +5 -5
- package/skills/exploit-scoring/skill.md +2 -2
- package/skills/framework-gap-analysis/skill.md +4 -4
- package/skills/fuzz-testing-strategy/skill.md +2 -2
- package/skills/incident-response-playbook/skill.md +3 -3
- package/skills/mcp-agent-trust/skill.md +2 -2
- package/skills/mlops-security/skill.md +3 -3
- package/skills/ot-ics-security/skill.md +3 -3
- package/skills/policy-exception-gen/skill.md +3 -3
- package/skills/pqc-first/skill.md +2 -2
- package/skills/rag-pipeline-security/skill.md +4 -4
- package/skills/ransomware-response/skill.md +2 -2
- package/skills/sector-energy/skill.md +2 -2
- package/skills/sector-federal-government/skill.md +2 -2
- package/skills/sector-financial/skill.md +4 -4
- package/skills/sector-healthcare/skill.md +3 -3
- package/skills/security-maturity-tiers/skill.md +1 -1
- package/skills/skill-update-loop/skill.md +6 -6
- package/skills/supply-chain-integrity/skill.md +2 -2
- package/skills/threat-model-currency/skill.md +8 -8
- package/skills/threat-modeling-methodology/skill.md +2 -2
- package/skills/webapp-security/skill.md +2 -2
- package/skills/zeroday-gap-learn/skill.md +3 -3
- package/sources/validators/cve-validator.js +27 -18
|
@@ -15,8 +15,8 @@
|
|
|
15
15
|
"skills": [
|
|
16
16
|
{
|
|
17
17
|
"skill": "age-gates-child-safety",
|
|
18
|
-
"last_threat_review": "2026-
|
|
19
|
-
"days_since_review":
|
|
18
|
+
"last_threat_review": "2026-06-10",
|
|
19
|
+
"days_since_review": -26,
|
|
20
20
|
"currency_score": 100,
|
|
21
21
|
"currency_label": "current",
|
|
22
22
|
"forward_watch_count": 10,
|
|
@@ -24,8 +24,8 @@
|
|
|
24
24
|
},
|
|
25
25
|
{
|
|
26
26
|
"skill": "ai-attack-surface",
|
|
27
|
-
"last_threat_review": "2026-
|
|
28
|
-
"days_since_review": -
|
|
27
|
+
"last_threat_review": "2026-06-10",
|
|
28
|
+
"days_since_review": -26,
|
|
29
29
|
"currency_score": 100,
|
|
30
30
|
"currency_label": "current",
|
|
31
31
|
"forward_watch_count": 8,
|
|
@@ -33,8 +33,8 @@
|
|
|
33
33
|
},
|
|
34
34
|
{
|
|
35
35
|
"skill": "ai-c2-detection",
|
|
36
|
-
"last_threat_review": "2026-
|
|
37
|
-
"days_since_review": -
|
|
36
|
+
"last_threat_review": "2026-06-10",
|
|
37
|
+
"days_since_review": -26,
|
|
38
38
|
"currency_score": 100,
|
|
39
39
|
"currency_label": "current",
|
|
40
40
|
"forward_watch_count": 0,
|
|
@@ -51,8 +51,8 @@
|
|
|
51
51
|
},
|
|
52
52
|
{
|
|
53
53
|
"skill": "api-security",
|
|
54
|
-
"last_threat_review": "2026-
|
|
55
|
-
"days_since_review": -
|
|
54
|
+
"last_threat_review": "2026-06-10",
|
|
55
|
+
"days_since_review": -26,
|
|
56
56
|
"currency_score": 100,
|
|
57
57
|
"currency_label": "current",
|
|
58
58
|
"forward_watch_count": 3,
|
|
@@ -60,8 +60,8 @@
|
|
|
60
60
|
},
|
|
61
61
|
{
|
|
62
62
|
"skill": "attack-surface-pentest",
|
|
63
|
-
"last_threat_review": "2026-
|
|
64
|
-
"days_since_review":
|
|
63
|
+
"last_threat_review": "2026-06-10",
|
|
64
|
+
"days_since_review": -26,
|
|
65
65
|
"currency_score": 100,
|
|
66
66
|
"currency_label": "current",
|
|
67
67
|
"forward_watch_count": 5,
|
|
@@ -87,8 +87,8 @@
|
|
|
87
87
|
},
|
|
88
88
|
{
|
|
89
89
|
"skill": "cloud-security",
|
|
90
|
-
"last_threat_review": "2026-
|
|
91
|
-
"days_since_review":
|
|
90
|
+
"last_threat_review": "2026-06-10",
|
|
91
|
+
"days_since_review": -26,
|
|
92
92
|
"currency_score": 100,
|
|
93
93
|
"currency_label": "current",
|
|
94
94
|
"forward_watch_count": 14,
|
|
@@ -96,8 +96,8 @@
|
|
|
96
96
|
},
|
|
97
97
|
{
|
|
98
98
|
"skill": "compliance-theater",
|
|
99
|
-
"last_threat_review": "2026-
|
|
100
|
-
"days_since_review": -
|
|
99
|
+
"last_threat_review": "2026-06-10",
|
|
100
|
+
"days_since_review": -26,
|
|
101
101
|
"currency_score": 100,
|
|
102
102
|
"currency_label": "current",
|
|
103
103
|
"forward_watch_count": 0,
|
|
@@ -105,8 +105,8 @@
|
|
|
105
105
|
},
|
|
106
106
|
{
|
|
107
107
|
"skill": "container-runtime-security",
|
|
108
|
-
"last_threat_review": "2026-
|
|
109
|
-
"days_since_review":
|
|
108
|
+
"last_threat_review": "2026-06-10",
|
|
109
|
+
"days_since_review": -26,
|
|
110
110
|
"currency_score": 100,
|
|
111
111
|
"currency_label": "current",
|
|
112
112
|
"forward_watch_count": 1,
|
|
@@ -114,8 +114,8 @@
|
|
|
114
114
|
},
|
|
115
115
|
{
|
|
116
116
|
"skill": "coordinated-vuln-disclosure",
|
|
117
|
-
"last_threat_review": "2026-
|
|
118
|
-
"days_since_review":
|
|
117
|
+
"last_threat_review": "2026-06-10",
|
|
118
|
+
"days_since_review": -26,
|
|
119
119
|
"currency_score": 100,
|
|
120
120
|
"currency_label": "current",
|
|
121
121
|
"forward_watch_count": 6,
|
|
@@ -132,8 +132,8 @@
|
|
|
132
132
|
},
|
|
133
133
|
{
|
|
134
134
|
"skill": "defensive-countermeasure-mapping",
|
|
135
|
-
"last_threat_review": "2026-
|
|
136
|
-
"days_since_review":
|
|
135
|
+
"last_threat_review": "2026-06-10",
|
|
136
|
+
"days_since_review": -26,
|
|
137
137
|
"currency_score": 100,
|
|
138
138
|
"currency_label": "current",
|
|
139
139
|
"forward_watch_count": 0,
|
|
@@ -141,8 +141,8 @@
|
|
|
141
141
|
},
|
|
142
142
|
{
|
|
143
143
|
"skill": "dlp-gap-analysis",
|
|
144
|
-
"last_threat_review": "2026-
|
|
145
|
-
"days_since_review":
|
|
144
|
+
"last_threat_review": "2026-06-10",
|
|
145
|
+
"days_since_review": -26,
|
|
146
146
|
"currency_score": 100,
|
|
147
147
|
"currency_label": "current",
|
|
148
148
|
"forward_watch_count": 5,
|
|
@@ -159,8 +159,8 @@
|
|
|
159
159
|
},
|
|
160
160
|
{
|
|
161
161
|
"skill": "exploit-scoring",
|
|
162
|
-
"last_threat_review": "2026-
|
|
163
|
-
"days_since_review": -
|
|
162
|
+
"last_threat_review": "2026-06-10",
|
|
163
|
+
"days_since_review": -26,
|
|
164
164
|
"currency_score": 100,
|
|
165
165
|
"currency_label": "current",
|
|
166
166
|
"forward_watch_count": 0,
|
|
@@ -168,8 +168,8 @@
|
|
|
168
168
|
},
|
|
169
169
|
{
|
|
170
170
|
"skill": "framework-gap-analysis",
|
|
171
|
-
"last_threat_review": "2026-
|
|
172
|
-
"days_since_review": -
|
|
171
|
+
"last_threat_review": "2026-06-10",
|
|
172
|
+
"days_since_review": -26,
|
|
173
173
|
"currency_score": 100,
|
|
174
174
|
"currency_label": "current",
|
|
175
175
|
"forward_watch_count": 0,
|
|
@@ -177,8 +177,8 @@
|
|
|
177
177
|
},
|
|
178
178
|
{
|
|
179
179
|
"skill": "fuzz-testing-strategy",
|
|
180
|
-
"last_threat_review": "2026-
|
|
181
|
-
"days_since_review":
|
|
180
|
+
"last_threat_review": "2026-06-10",
|
|
181
|
+
"days_since_review": -26,
|
|
182
182
|
"currency_score": 100,
|
|
183
183
|
"currency_label": "current",
|
|
184
184
|
"forward_watch_count": 4,
|
|
@@ -213,8 +213,8 @@
|
|
|
213
213
|
},
|
|
214
214
|
{
|
|
215
215
|
"skill": "incident-response-playbook",
|
|
216
|
-
"last_threat_review": "2026-
|
|
217
|
-
"days_since_review": -
|
|
216
|
+
"last_threat_review": "2026-06-10",
|
|
217
|
+
"days_since_review": -26,
|
|
218
218
|
"currency_score": 100,
|
|
219
219
|
"currency_label": "current",
|
|
220
220
|
"forward_watch_count": 8,
|
|
@@ -249,8 +249,8 @@
|
|
|
249
249
|
},
|
|
250
250
|
{
|
|
251
251
|
"skill": "mcp-agent-trust",
|
|
252
|
-
"last_threat_review": "2026-
|
|
253
|
-
"days_since_review": -
|
|
252
|
+
"last_threat_review": "2026-06-10",
|
|
253
|
+
"days_since_review": -26,
|
|
254
254
|
"currency_score": 100,
|
|
255
255
|
"currency_label": "current",
|
|
256
256
|
"forward_watch_count": 4,
|
|
@@ -258,8 +258,8 @@
|
|
|
258
258
|
},
|
|
259
259
|
{
|
|
260
260
|
"skill": "mlops-security",
|
|
261
|
-
"last_threat_review": "2026-
|
|
262
|
-
"days_since_review": -
|
|
261
|
+
"last_threat_review": "2026-06-10",
|
|
262
|
+
"days_since_review": -26,
|
|
263
263
|
"currency_score": 100,
|
|
264
264
|
"currency_label": "current",
|
|
265
265
|
"forward_watch_count": 6,
|
|
@@ -285,8 +285,8 @@
|
|
|
285
285
|
},
|
|
286
286
|
{
|
|
287
287
|
"skill": "ot-ics-security",
|
|
288
|
-
"last_threat_review": "2026-
|
|
289
|
-
"days_since_review":
|
|
288
|
+
"last_threat_review": "2026-06-10",
|
|
289
|
+
"days_since_review": -26,
|
|
290
290
|
"currency_score": 100,
|
|
291
291
|
"currency_label": "current",
|
|
292
292
|
"forward_watch_count": 0,
|
|
@@ -294,8 +294,8 @@
|
|
|
294
294
|
},
|
|
295
295
|
{
|
|
296
296
|
"skill": "policy-exception-gen",
|
|
297
|
-
"last_threat_review": "2026-
|
|
298
|
-
"days_since_review": -
|
|
297
|
+
"last_threat_review": "2026-06-10",
|
|
298
|
+
"days_since_review": -26,
|
|
299
299
|
"currency_score": 100,
|
|
300
300
|
"currency_label": "current",
|
|
301
301
|
"forward_watch_count": 4,
|
|
@@ -303,8 +303,8 @@
|
|
|
303
303
|
},
|
|
304
304
|
{
|
|
305
305
|
"skill": "pqc-first",
|
|
306
|
-
"last_threat_review": "2026-
|
|
307
|
-
"days_since_review": -
|
|
306
|
+
"last_threat_review": "2026-06-10",
|
|
307
|
+
"days_since_review": -26,
|
|
308
308
|
"currency_score": 100,
|
|
309
309
|
"currency_label": "current",
|
|
310
310
|
"forward_watch_count": 11,
|
|
@@ -321,8 +321,8 @@
|
|
|
321
321
|
},
|
|
322
322
|
{
|
|
323
323
|
"skill": "rag-pipeline-security",
|
|
324
|
-
"last_threat_review": "2026-
|
|
325
|
-
"days_since_review": -
|
|
324
|
+
"last_threat_review": "2026-06-10",
|
|
325
|
+
"days_since_review": -26,
|
|
326
326
|
"currency_score": 100,
|
|
327
327
|
"currency_label": "current",
|
|
328
328
|
"forward_watch_count": 1,
|
|
@@ -330,8 +330,8 @@
|
|
|
330
330
|
},
|
|
331
331
|
{
|
|
332
332
|
"skill": "ransomware-response",
|
|
333
|
-
"last_threat_review": "2026-
|
|
334
|
-
"days_since_review": -
|
|
333
|
+
"last_threat_review": "2026-06-10",
|
|
334
|
+
"days_since_review": -26,
|
|
335
335
|
"currency_score": 100,
|
|
336
336
|
"currency_label": "current",
|
|
337
337
|
"forward_watch_count": 10,
|
|
@@ -348,8 +348,8 @@
|
|
|
348
348
|
},
|
|
349
349
|
{
|
|
350
350
|
"skill": "sector-energy",
|
|
351
|
-
"last_threat_review": "2026-
|
|
352
|
-
"days_since_review":
|
|
351
|
+
"last_threat_review": "2026-06-10",
|
|
352
|
+
"days_since_review": -26,
|
|
353
353
|
"currency_score": 100,
|
|
354
354
|
"currency_label": "current",
|
|
355
355
|
"forward_watch_count": 8,
|
|
@@ -357,8 +357,8 @@
|
|
|
357
357
|
},
|
|
358
358
|
{
|
|
359
359
|
"skill": "sector-federal-government",
|
|
360
|
-
"last_threat_review": "2026-
|
|
361
|
-
"days_since_review":
|
|
360
|
+
"last_threat_review": "2026-06-10",
|
|
361
|
+
"days_since_review": -26,
|
|
362
362
|
"currency_score": 100,
|
|
363
363
|
"currency_label": "current",
|
|
364
364
|
"forward_watch_count": 10,
|
|
@@ -366,8 +366,8 @@
|
|
|
366
366
|
},
|
|
367
367
|
{
|
|
368
368
|
"skill": "sector-financial",
|
|
369
|
-
"last_threat_review": "2026-
|
|
370
|
-
"days_since_review":
|
|
369
|
+
"last_threat_review": "2026-06-10",
|
|
370
|
+
"days_since_review": -26,
|
|
371
371
|
"currency_score": 100,
|
|
372
372
|
"currency_label": "current",
|
|
373
373
|
"forward_watch_count": 12,
|
|
@@ -375,8 +375,8 @@
|
|
|
375
375
|
},
|
|
376
376
|
{
|
|
377
377
|
"skill": "sector-healthcare",
|
|
378
|
-
"last_threat_review": "2026-
|
|
379
|
-
"days_since_review":
|
|
378
|
+
"last_threat_review": "2026-06-10",
|
|
379
|
+
"days_since_review": -26,
|
|
380
380
|
"currency_score": 100,
|
|
381
381
|
"currency_label": "current",
|
|
382
382
|
"forward_watch_count": 0,
|
|
@@ -411,8 +411,8 @@
|
|
|
411
411
|
},
|
|
412
412
|
{
|
|
413
413
|
"skill": "skill-update-loop",
|
|
414
|
-
"last_threat_review": "2026-
|
|
415
|
-
"days_since_review": -
|
|
414
|
+
"last_threat_review": "2026-06-10",
|
|
415
|
+
"days_since_review": -26,
|
|
416
416
|
"currency_score": 100,
|
|
417
417
|
"currency_label": "current",
|
|
418
418
|
"forward_watch_count": 7,
|
|
@@ -420,8 +420,8 @@
|
|
|
420
420
|
},
|
|
421
421
|
{
|
|
422
422
|
"skill": "supply-chain-integrity",
|
|
423
|
-
"last_threat_review": "2026-
|
|
424
|
-
"days_since_review":
|
|
423
|
+
"last_threat_review": "2026-06-10",
|
|
424
|
+
"days_since_review": -26,
|
|
425
425
|
"currency_score": 100,
|
|
426
426
|
"currency_label": "current",
|
|
427
427
|
"forward_watch_count": 8,
|
|
@@ -429,8 +429,8 @@
|
|
|
429
429
|
},
|
|
430
430
|
{
|
|
431
431
|
"skill": "threat-model-currency",
|
|
432
|
-
"last_threat_review": "2026-
|
|
433
|
-
"days_since_review": -
|
|
432
|
+
"last_threat_review": "2026-06-10",
|
|
433
|
+
"days_since_review": -26,
|
|
434
434
|
"currency_score": 100,
|
|
435
435
|
"currency_label": "current",
|
|
436
436
|
"forward_watch_count": 5,
|
|
@@ -438,8 +438,8 @@
|
|
|
438
438
|
},
|
|
439
439
|
{
|
|
440
440
|
"skill": "threat-modeling-methodology",
|
|
441
|
-
"last_threat_review": "2026-
|
|
442
|
-
"days_since_review":
|
|
441
|
+
"last_threat_review": "2026-06-10",
|
|
442
|
+
"days_since_review": -26,
|
|
443
443
|
"currency_score": 100,
|
|
444
444
|
"currency_label": "current",
|
|
445
445
|
"forward_watch_count": 6,
|
|
@@ -456,8 +456,8 @@
|
|
|
456
456
|
},
|
|
457
457
|
{
|
|
458
458
|
"skill": "webapp-security",
|
|
459
|
-
"last_threat_review": "2026-
|
|
460
|
-
"days_since_review":
|
|
459
|
+
"last_threat_review": "2026-06-10",
|
|
460
|
+
"days_since_review": -26,
|
|
461
461
|
"currency_score": 100,
|
|
462
462
|
"currency_label": "current",
|
|
463
463
|
"forward_watch_count": 1,
|
|
@@ -465,8 +465,8 @@
|
|
|
465
465
|
},
|
|
466
466
|
{
|
|
467
467
|
"skill": "zeroday-gap-learn",
|
|
468
|
-
"last_threat_review": "2026-
|
|
469
|
-
"days_since_review": -
|
|
468
|
+
"last_threat_review": "2026-06-10",
|
|
469
|
+
"days_since_review": -26,
|
|
470
470
|
"currency_score": 100,
|
|
471
471
|
"currency_label": "current",
|
|
472
472
|
"forward_watch_count": 4,
|