@blamejs/exceptd-skills 0.16.25 → 0.16.29
- package/AGENTS.md +5 -5
- package/ARCHITECTURE.md +3 -3
- package/CHANGELOG.md +28 -0
- package/CONTEXT.md +2 -2
- package/README.md +6 -6
- package/agents/threat-researcher.md +2 -2
- package/bin/exceptd.js +41 -8
- package/data/_indexes/_meta.json +41 -40
- package/data/_indexes/activity-feed.json +240 -240
- package/data/_indexes/catalog-summaries.json +3 -3
- package/data/_indexes/currency.json +64 -64
- package/data/_indexes/jurisdiction-map.json +31 -158
- package/data/_indexes/recipes.json +1 -1
- package/data/_indexes/section-offsets.json +510 -510
- package/data/_indexes/summary-cards.json +33 -33
- package/data/_indexes/token-budget.json +200 -200
- package/data/atlas-ttps.json +7 -7
- package/data/attack-techniques.json +5 -5
- package/data/framework-control-gaps.json +3 -3
- package/lib/auto-discovery.js +15 -9
- package/lib/collectors/library-author.js +26 -9
- package/lib/collectors/secrets.js +8 -1
- package/lib/cvss.js +108 -0
- package/lib/lint-skills.js +6 -1
- package/lib/playbook-runner.js +17 -4
- package/lib/prefetch.js +97 -5
- package/lib/refresh-external.js +25 -13
- package/lib/schemas/manifest.schema.json +1 -1
- package/lib/schemas/skill-frontmatter.schema.json +1 -1
- package/lib/validate-indexes.js +5 -0
- package/lib/version-pins.js +3 -3
- package/manifest-snapshot.json +2 -2
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +124 -124
- package/orchestrator/pipeline.js +16 -4
- package/package.json +1 -1
- package/sbom.cdx.json +170 -140
- package/scripts/build-indexes.js +12 -1
- package/scripts/builders/catalog-summaries.js +1 -1
- package/scripts/builders/recipes.js +1 -1
- package/scripts/check-sbom-currency.js +76 -14
- package/scripts/refresh-sbom.js +1 -1
- package/scripts/run-e2e-scenarios.js +48 -17
- package/scripts/sync-package-description.js +74 -0
- package/scripts/verify-shipped-tarball.js +18 -7
- package/skills/age-gates-child-safety/skill.md +3 -3
- package/skills/ai-attack-surface/skill.md +4 -4
- package/skills/ai-c2-detection/skill.md +5 -5
- package/skills/api-security/skill.md +2 -2
- package/skills/attack-surface-pentest/skill.md +4 -4
- package/skills/cloud-security/skill.md +3 -3
- package/skills/compliance-theater/skill.md +3 -3
- package/skills/container-runtime-security/skill.md +3 -3
- package/skills/coordinated-vuln-disclosure/skill.md +2 -2
- package/skills/defensive-countermeasure-mapping/skill.md +3 -3
- package/skills/dlp-gap-analysis/skill.md +5 -5
- package/skills/exploit-scoring/skill.md +2 -2
- package/skills/framework-gap-analysis/skill.md +4 -4
- package/skills/fuzz-testing-strategy/skill.md +2 -2
- package/skills/incident-response-playbook/skill.md +3 -3
- package/skills/mcp-agent-trust/skill.md +2 -2
- package/skills/mlops-security/skill.md +3 -3
- package/skills/ot-ics-security/skill.md +3 -3
- package/skills/policy-exception-gen/skill.md +3 -3
- package/skills/pqc-first/skill.md +2 -2
- package/skills/rag-pipeline-security/skill.md +4 -4
- package/skills/ransomware-response/skill.md +2 -2
- package/skills/sector-energy/skill.md +2 -2
- package/skills/sector-federal-government/skill.md +2 -2
- package/skills/sector-financial/skill.md +4 -4
- package/skills/sector-healthcare/skill.md +3 -3
- package/skills/security-maturity-tiers/skill.md +1 -1
- package/skills/skill-update-loop/skill.md +6 -6
- package/skills/supply-chain-integrity/skill.md +2 -2
- package/skills/threat-model-currency/skill.md +8 -8
- package/skills/threat-modeling-methodology/skill.md +2 -2
- package/skills/webapp-security/skill.md +2 -2
- package/skills/zeroday-gap-learn/skill.md +3 -3
- package/sources/validators/cve-validator.js +27 -18
|
@@ -35,7 +35,6 @@
|
|
|
35
35
|
"policy-exception-gen",
|
|
36
36
|
"pqc-first",
|
|
37
37
|
"privacy-consent-ops",
|
|
38
|
-
"rag-pipeline-security",
|
|
39
38
|
"ransomware-response",
|
|
40
39
|
"researcher",
|
|
41
40
|
"sector-energy",
|
|
@@ -54,7 +53,7 @@
|
|
|
54
53
|
"zeroday-gap-learn"
|
|
55
54
|
],
|
|
56
55
|
"example_excerpts": {},
|
|
57
|
-
"skill_count":
|
|
56
|
+
"skill_count": 50
|
|
58
57
|
},
|
|
59
58
|
"UK": {
|
|
60
59
|
"skills": [
|
|
@@ -63,15 +62,11 @@
|
|
|
63
62
|
"ai-c2-detection",
|
|
64
63
|
"ai-risk-management",
|
|
65
64
|
"api-security",
|
|
66
|
-
"attack-surface-pentest",
|
|
67
|
-
"cloud-iam-incident",
|
|
68
65
|
"cloud-security",
|
|
69
66
|
"compliance-theater",
|
|
70
67
|
"container-runtime-security",
|
|
71
68
|
"coordinated-vuln-disclosure",
|
|
72
|
-
"decompression-dos",
|
|
73
69
|
"defensive-countermeasure-mapping",
|
|
74
|
-
"dlp-gap-analysis",
|
|
75
70
|
"email-security-anti-phishing",
|
|
76
71
|
"exploit-scoring",
|
|
77
72
|
"framework-gap-analysis",
|
|
@@ -80,36 +75,22 @@
|
|
|
80
75
|
"identity-assurance",
|
|
81
76
|
"idp-incident-response",
|
|
82
77
|
"incident-response-playbook",
|
|
83
|
-
"kernel-lpe-triage",
|
|
84
|
-
"log-injection-telemetry",
|
|
85
78
|
"mcp-agent-trust",
|
|
86
|
-
"mlops-security",
|
|
87
|
-
"multitenancy-isolation",
|
|
88
|
-
"network-trust",
|
|
89
|
-
"ot-ics-security",
|
|
90
79
|
"policy-exception-gen",
|
|
91
80
|
"pqc-first",
|
|
92
|
-
"privacy-consent-ops",
|
|
93
|
-
"rag-pipeline-security",
|
|
94
81
|
"ransomware-response",
|
|
95
82
|
"researcher",
|
|
96
83
|
"sector-energy",
|
|
97
84
|
"sector-federal-government",
|
|
98
|
-
"sector-financial",
|
|
99
|
-
"sector-healthcare",
|
|
100
85
|
"sector-telecom",
|
|
101
|
-
"security-maturity-tiers",
|
|
102
|
-
"self-update-integrity",
|
|
103
86
|
"skill-update-loop",
|
|
104
87
|
"supply-chain-integrity",
|
|
105
88
|
"threat-model-currency",
|
|
106
89
|
"threat-modeling-methodology",
|
|
107
|
-
"
|
|
108
|
-
"webapp-security",
|
|
109
|
-
"zeroday-gap-learn"
|
|
90
|
+
"webapp-security"
|
|
110
91
|
],
|
|
111
92
|
"example_excerpts": {},
|
|
112
|
-
"skill_count":
|
|
93
|
+
"skill_count": 31
|
|
113
94
|
},
|
|
114
95
|
"AU": {
|
|
115
96
|
"skills": [
|
|
@@ -138,13 +119,11 @@
|
|
|
138
119
|
"kernel-lpe-triage",
|
|
139
120
|
"log-injection-telemetry",
|
|
140
121
|
"mcp-agent-trust",
|
|
141
|
-
"mlops-security",
|
|
142
122
|
"multitenancy-isolation",
|
|
143
123
|
"ot-ics-security",
|
|
144
124
|
"policy-exception-gen",
|
|
145
125
|
"pqc-first",
|
|
146
126
|
"privacy-consent-ops",
|
|
147
|
-
"rag-pipeline-security",
|
|
148
127
|
"ransomware-response",
|
|
149
128
|
"researcher",
|
|
150
129
|
"sector-energy",
|
|
@@ -162,72 +141,51 @@
|
|
|
162
141
|
"zeroday-gap-learn"
|
|
163
142
|
],
|
|
164
143
|
"example_excerpts": {},
|
|
165
|
-
"skill_count":
|
|
144
|
+
"skill_count": 45
|
|
166
145
|
},
|
|
167
146
|
"SG": {
|
|
168
147
|
"skills": [
|
|
169
|
-
"age-gates-child-safety",
|
|
170
|
-
"ai-attack-surface",
|
|
171
|
-
"api-security",
|
|
172
|
-
"cloud-iam-incident",
|
|
173
|
-
"cloud-security",
|
|
174
148
|
"container-runtime-security",
|
|
175
|
-
"coordinated-vuln-disclosure",
|
|
176
|
-
"email-security-anti-phishing",
|
|
177
149
|
"framework-gap-analysis",
|
|
178
150
|
"global-grc",
|
|
179
151
|
"identity-assurance",
|
|
180
|
-
"incident-response-playbook",
|
|
181
|
-
"mcp-agent-trust",
|
|
182
|
-
"mlops-security",
|
|
183
152
|
"researcher",
|
|
184
|
-
"sector-federal-government",
|
|
185
153
|
"sector-financial",
|
|
186
|
-
"sector-healthcare",
|
|
187
|
-
"sector-telecom",
|
|
188
154
|
"threat-modeling-methodology",
|
|
189
155
|
"webapp-security"
|
|
190
156
|
],
|
|
191
157
|
"example_excerpts": {},
|
|
192
|
-
"skill_count":
|
|
158
|
+
"skill_count": 8
|
|
193
159
|
},
|
|
194
160
|
"JP": {
|
|
195
161
|
"skills": [
|
|
196
162
|
"age-gates-child-safety",
|
|
197
|
-
"ai-risk-management",
|
|
198
163
|
"api-security",
|
|
199
164
|
"cloud-iam-incident",
|
|
200
|
-
"cloud-security",
|
|
201
165
|
"container-runtime-security",
|
|
202
|
-
"coordinated-vuln-disclosure",
|
|
203
166
|
"dlp-gap-analysis",
|
|
204
167
|
"email-security-anti-phishing",
|
|
205
168
|
"framework-gap-analysis",
|
|
206
169
|
"global-grc",
|
|
207
170
|
"identity-assurance",
|
|
208
171
|
"incident-response-playbook",
|
|
209
|
-
"mlops-security",
|
|
210
172
|
"ot-ics-security",
|
|
211
173
|
"pqc-first",
|
|
212
|
-
"ransomware-response",
|
|
213
174
|
"sector-energy",
|
|
214
175
|
"sector-federal-government",
|
|
215
176
|
"sector-financial",
|
|
216
177
|
"sector-healthcare",
|
|
217
|
-
"sector-telecom",
|
|
218
178
|
"supply-chain-integrity",
|
|
219
179
|
"threat-modeling-methodology",
|
|
220
180
|
"webapp-security"
|
|
221
181
|
],
|
|
222
182
|
"example_excerpts": {},
|
|
223
|
-
"skill_count":
|
|
183
|
+
"skill_count": 19
|
|
224
184
|
},
|
|
225
185
|
"IN": {
|
|
226
186
|
"skills": [
|
|
227
187
|
"age-gates-child-safety",
|
|
228
188
|
"ai-risk-management",
|
|
229
|
-
"api-security",
|
|
230
|
-
"cloud-security",
|
|
231
189
|
"dlp-gap-analysis",
|
|
232
190
|
"email-security-anti-phishing",
|
|
233
191
|
"framework-gap-analysis",
|
|
@@ -242,51 +200,36 @@
|
|
|
242
200
|
"threat-modeling-methodology"
|
|
243
201
|
],
|
|
244
202
|
"example_excerpts": {},
|
|
245
|
-
"skill_count":
|
|
203
|
+
"skill_count": 14
|
|
246
204
|
},
|
|
247
205
|
"CA": {
|
|
248
206
|
"skills": [
|
|
249
207
|
"age-gates-child-safety",
|
|
250
|
-
"ai-c2-detection",
|
|
251
|
-
"cloud-iam-incident",
|
|
252
|
-
"cloud-security",
|
|
253
|
-
"defensive-countermeasure-mapping",
|
|
254
208
|
"dlp-gap-analysis",
|
|
255
209
|
"framework-gap-analysis",
|
|
256
210
|
"global-grc",
|
|
257
|
-
"identity-assurance",
|
|
258
211
|
"idp-incident-response",
|
|
259
|
-
"
|
|
260
|
-
"sector-energy",
|
|
261
|
-
"sector-federal-government",
|
|
262
|
-
"sector-financial",
|
|
263
|
-
"sector-healthcare",
|
|
264
|
-
"sector-telecom",
|
|
265
|
-
"self-update-integrity",
|
|
266
|
-
"skill-update-loop",
|
|
267
|
-
"zeroday-gap-learn"
|
|
212
|
+
"sector-financial"
|
|
268
213
|
],
|
|
269
214
|
"example_excerpts": {},
|
|
270
|
-
"skill_count":
|
|
215
|
+
"skill_count": 6
|
|
271
216
|
},
|
|
272
217
|
"BR": {
|
|
273
218
|
"skills": [
|
|
274
219
|
"age-gates-child-safety",
|
|
275
220
|
"ai-risk-management",
|
|
276
|
-
"api-security",
|
|
277
221
|
"cloud-security",
|
|
278
222
|
"dlp-gap-analysis",
|
|
279
223
|
"framework-gap-analysis",
|
|
280
224
|
"global-grc",
|
|
281
225
|
"incident-response-playbook",
|
|
282
226
|
"pqc-first",
|
|
283
|
-
"sector-financial",
|
|
284
227
|
"sector-healthcare",
|
|
285
228
|
"supply-chain-integrity",
|
|
286
229
|
"threat-modeling-methodology"
|
|
287
230
|
],
|
|
288
231
|
"example_excerpts": {},
|
|
289
|
-
"skill_count":
|
|
232
|
+
"skill_count": 11
|
|
290
233
|
},
|
|
291
234
|
"CN": {
|
|
292
235
|
"skills": [
|
|
@@ -315,53 +258,33 @@
|
|
|
315
258
|
"skill_count": 1
|
|
316
259
|
},
|
|
317
260
|
"AE": {
|
|
318
|
-
"skills": [
|
|
319
|
-
"incident-response-playbook",
|
|
320
|
-
"sector-financial"
|
|
321
|
-
],
|
|
261
|
+
"skills": [],
|
|
322
262
|
"example_excerpts": {},
|
|
323
|
-
"skill_count":
|
|
263
|
+
"skill_count": 0
|
|
324
264
|
},
|
|
325
265
|
"SA": {
|
|
326
266
|
"skills": [
|
|
327
267
|
"age-gates-child-safety",
|
|
328
|
-
"compliance-theater",
|
|
329
|
-
"defensive-countermeasure-mapping",
|
|
330
268
|
"dlp-gap-analysis",
|
|
331
|
-
"
|
|
332
|
-
"fuzz-testing-strategy",
|
|
333
|
-
"global-grc",
|
|
334
|
-
"mcp-agent-trust",
|
|
335
|
-
"mlops-security",
|
|
336
|
-
"pqc-first",
|
|
337
|
-
"sector-energy",
|
|
338
|
-
"sector-federal-government",
|
|
339
|
-
"sector-financial",
|
|
340
|
-
"sector-healthcare",
|
|
341
|
-
"supply-chain-integrity",
|
|
342
|
-
"zeroday-gap-learn"
|
|
269
|
+
"sector-financial"
|
|
343
270
|
],
|
|
344
271
|
"example_excerpts": {},
|
|
345
|
-
"skill_count":
|
|
272
|
+
"skill_count": 3
|
|
346
273
|
},
|
|
347
274
|
"NZ": {
|
|
348
|
-
"skills": [
|
|
349
|
-
"sector-financial",
|
|
350
|
-
"sector-telecom"
|
|
351
|
-
],
|
|
275
|
+
"skills": [],
|
|
352
276
|
"example_excerpts": {},
|
|
353
|
-
"skill_count":
|
|
277
|
+
"skill_count": 0
|
|
354
278
|
},
|
|
355
279
|
"KR": {
|
|
356
280
|
"skills": [
|
|
357
281
|
"age-gates-child-safety",
|
|
358
282
|
"dlp-gap-analysis",
|
|
359
283
|
"framework-gap-analysis",
|
|
360
|
-
"global-grc"
|
|
361
|
-
"supply-chain-integrity"
|
|
284
|
+
"global-grc"
|
|
362
285
|
],
|
|
363
286
|
"example_excerpts": {},
|
|
364
|
-
"skill_count":
|
|
287
|
+
"skill_count": 4
|
|
365
288
|
},
|
|
366
289
|
"CL": {
|
|
367
290
|
"skills": [],
|
|
@@ -371,8 +294,6 @@
|
|
|
371
294
|
"IL": {
|
|
372
295
|
"skills": [
|
|
373
296
|
"ai-risk-management",
|
|
374
|
-
"api-security",
|
|
375
|
-
"cloud-iam-incident",
|
|
376
297
|
"cloud-security",
|
|
377
298
|
"container-runtime-security",
|
|
378
299
|
"coordinated-vuln-disclosure",
|
|
@@ -394,7 +315,7 @@
|
|
|
394
315
|
"webapp-security"
|
|
395
316
|
],
|
|
396
317
|
"example_excerpts": {},
|
|
397
|
-
"skill_count":
|
|
318
|
+
"skill_count": 20
|
|
398
319
|
},
|
|
399
320
|
"CH": {
|
|
400
321
|
"skills": [
|
|
@@ -423,74 +344,33 @@
|
|
|
423
344
|
},
|
|
424
345
|
"TW": {
|
|
425
346
|
"skills": [
|
|
426
|
-
"cloud-security",
|
|
427
347
|
"container-runtime-security",
|
|
428
|
-
"dlp-gap-analysis",
|
|
429
|
-
"framework-gap-analysis",
|
|
430
348
|
"global-grc",
|
|
431
349
|
"ot-ics-security",
|
|
432
350
|
"pqc-first",
|
|
433
351
|
"supply-chain-integrity"
|
|
434
352
|
],
|
|
435
353
|
"example_excerpts": {},
|
|
436
|
-
"skill_count":
|
|
354
|
+
"skill_count": 5
|
|
437
355
|
},
|
|
438
356
|
"ID": {
|
|
439
357
|
"skills": [
|
|
440
|
-
"age-gates-child-safety",
|
|
441
|
-
"ai-attack-surface",
|
|
442
|
-
"ai-c2-detection",
|
|
443
358
|
"ai-risk-management",
|
|
444
|
-
"api-security",
|
|
445
|
-
"attack-surface-pentest",
|
|
446
|
-
"cloud-iam-incident",
|
|
447
|
-
"cloud-security",
|
|
448
|
-
"compliance-theater",
|
|
449
|
-
"container-runtime-security",
|
|
450
|
-
"coordinated-vuln-disclosure",
|
|
451
|
-
"defensive-countermeasure-mapping",
|
|
452
359
|
"dlp-gap-analysis",
|
|
453
|
-
"email-security-anti-phishing",
|
|
454
|
-
"exploit-scoring",
|
|
455
360
|
"framework-gap-analysis",
|
|
456
|
-
"fuzz-testing-strategy",
|
|
457
361
|
"global-grc",
|
|
458
362
|
"identity-assurance",
|
|
459
|
-
"idp-incident-response",
|
|
460
|
-
"incident-response-playbook",
|
|
461
|
-
"kernel-lpe-triage",
|
|
462
|
-
"mcp-agent-trust",
|
|
463
|
-
"mlops-security",
|
|
464
363
|
"ot-ics-security",
|
|
465
|
-
"policy-exception-gen",
|
|
466
364
|
"pqc-first",
|
|
467
|
-
"
|
|
468
|
-
"ransomware-response",
|
|
469
|
-
"researcher",
|
|
470
|
-
"sector-energy",
|
|
471
|
-
"sector-federal-government",
|
|
472
|
-
"sector-financial",
|
|
473
|
-
"sector-healthcare",
|
|
474
|
-
"sector-telecom",
|
|
475
|
-
"skill-update-loop",
|
|
476
|
-
"supply-chain-integrity",
|
|
477
|
-
"threat-model-currency",
|
|
478
|
-
"threat-modeling-methodology",
|
|
479
|
-
"webapp-security",
|
|
480
|
-
"zeroday-gap-learn"
|
|
365
|
+
"supply-chain-integrity"
|
|
481
366
|
],
|
|
482
367
|
"example_excerpts": {},
|
|
483
|
-
"skill_count":
|
|
368
|
+
"skill_count": 8
|
|
484
369
|
},
|
|
485
370
|
"VN": {
|
|
486
|
-
"skills": [
|
|
487
|
-
"dlp-gap-analysis",
|
|
488
|
-
"framework-gap-analysis",
|
|
489
|
-
"global-grc",
|
|
490
|
-
"supply-chain-integrity"
|
|
491
|
-
],
|
|
371
|
+
"skills": [],
|
|
492
372
|
"example_excerpts": {},
|
|
493
|
-
"skill_count":
|
|
373
|
+
"skill_count": 0
|
|
494
374
|
},
|
|
495
375
|
"US_NYDFS": {
|
|
496
376
|
"skills": [
|
|
@@ -520,33 +400,26 @@
|
|
|
520
400
|
},
|
|
521
401
|
"NO": {
|
|
522
402
|
"skills": [
|
|
523
|
-
"mail-server-hardening",
|
|
524
403
|
"sector-energy",
|
|
525
404
|
"skill-update-loop"
|
|
526
405
|
],
|
|
527
406
|
"example_excerpts": {},
|
|
528
|
-
"skill_count":
|
|
407
|
+
"skill_count": 2
|
|
529
408
|
},
|
|
530
409
|
"MX": {
|
|
531
|
-
"skills": [
|
|
532
|
-
"sector-financial"
|
|
533
|
-
],
|
|
410
|
+
"skills": [],
|
|
534
411
|
"example_excerpts": {},
|
|
535
|
-
"skill_count":
|
|
412
|
+
"skill_count": 0
|
|
536
413
|
},
|
|
537
414
|
"AR": {
|
|
538
|
-
"skills": [
|
|
539
|
-
"age-gates-child-safety"
|
|
540
|
-
],
|
|
415
|
+
"skills": [],
|
|
541
416
|
"example_excerpts": {},
|
|
542
|
-
"skill_count":
|
|
417
|
+
"skill_count": 0
|
|
543
418
|
},
|
|
544
419
|
"TR": {
|
|
545
|
-
"skills": [
|
|
546
|
-
"sector-telecom"
|
|
547
|
-
],
|
|
420
|
+
"skills": [],
|
|
548
421
|
"example_excerpts": {},
|
|
549
|
-
"skill_count":
|
|
422
|
+
"skill_count": 0
|
|
550
423
|
},
|
|
551
424
|
"TH": {
|
|
552
425
|
"skills": [],
|
|
@@ -19,7 +19,7 @@
|
|
|
19
19
|
"steps": [
|
|
20
20
|
{
|
|
21
21
|
"skill": "ai-attack-surface",
|
|
22
|
-
"why": "Comprehensive attack-surface inventory mapped to ATLAS
|
|
22
|
+
"why": "Comprehensive attack-surface inventory mapped to ATLAS v2026.05 with gap flags."
|
|
23
23
|
},
|
|
24
24
|
{
|
|
25
25
|
"skill": "ai-c2-detection",
|