@blamejs/exceptd-skills 0.16.9 → 0.16.11

package/data/_indexes/trigger-table.json

@@ -1626,5 +1626,59 @@
   ],
   "tenant compromise": [
     "idp-incident-response"
+  ],
+  "verifiable credential": [
+    "vc-wallet-trust"
+  ],
+  "digital wallet": [
+    "vc-wallet-trust"
+  ],
+  "sd-jwt-vc": [
+    "vc-wallet-trust"
+  ],
+  "oid4vp": [
+    "vc-wallet-trust"
+  ],
+  "oid4vci": [
+    "vc-wallet-trust"
+  ],
+  "mdoc": [
+    "vc-wallet-trust"
+  ],
+  "mdl": [
+    "vc-wallet-trust"
+  ],
+  "iso 18013-5": [
+    "vc-wallet-trust"
+  ],
+  "eudi wallet": [
+    "vc-wallet-trust"
+  ],
+  "eidas 2.0": [
+    "vc-wallet-trust"
+  ],
+  "did:web": [
+    "vc-wallet-trust"
+  ],
+  "status list": [
+    "vc-wallet-trust"
+  ],
+  "credential revocation": [
+    "vc-wallet-trust"
+  ],
+  "openid federation": [
+    "vc-wallet-trust"
+  ],
+  "trust anchor": [
+    "vc-wallet-trust"
+  ],
+  "credential verifier": [
+    "vc-wallet-trust"
+  ],
+  "presentation exchange": [
+    "vc-wallet-trust"
+  ],
+  "dcql": [
+    "vc-wallet-trust"
   ]
 }

package/data/_indexes/xref.json

@@ -13,7 +13,8 @@
       "kernel-lpe-triage"
     ],
     "CWE-672": [
-      "kernel-lpe-triage"
+      "kernel-lpe-triage",
+      "vc-wallet-trust"
     ],
     "CWE-787": [
       "attack-surface-pentest",
@@ -133,6 +134,7 @@
       "cloud-security",
       "dlp-gap-analysis",
       "sector-healthcare",
+      "vc-wallet-trust",
       "webapp-security"
     ],
     "CWE-1357": [
@@ -195,6 +197,7 @@
       "identity-assurance",
       "idp-incident-response",
       "sector-financial",
+      "vc-wallet-trust",
       "webapp-security"
     ],
     "CWE-1037": [
@@ -207,6 +210,12 @@
     ],
     "CWE-284": [
       "idp-incident-response"
+    ],
+    "CWE-347": [
+      "vc-wallet-trust"
+    ],
+    "CWE-290": [
+      "vc-wallet-trust"
     ]
   },
   "d3fend_refs": {
@@ -534,7 +543,8 @@
       "supply-chain-integrity"
     ],
     "NIST-800-63B-rev4": [
-      "identity-assurance"
+      "identity-assurance",
+      "vc-wallet-trust"
     ],
     "PSD2-RTS-SCA": [
       "identity-assurance",
@@ -622,10 +632,12 @@
       "cloud-iam-incident"
     ],
     "NIST-800-53-IA-5-Federated": [
-      "idp-incident-response"
+      "idp-incident-response",
+      "vc-wallet-trust"
     ],
     "ISO-27001-2022-A.5.16-Federated": [
-      "idp-incident-response"
+      "idp-incident-response",
+      "vc-wallet-trust"
     ],
     "SOC2-CC6-OAuth-Consent": [
       "idp-incident-response"
@@ -637,13 +649,17 @@
       "idp-incident-response"
     ],
     "NIS2-Art-21-Federated-Identity": [
-      "idp-incident-response"
+      "idp-incident-response",
+      "vc-wallet-trust"
     ],
     "DORA-Art-19-IdP-4h": [
       "idp-incident-response"
     ],
     "OFAC-Sanctions-Threat-Actor-Negotiation": [
       "idp-incident-response"
+    ],
+    "UK-CAF-B2": [
+      "vc-wallet-trust"
     ]
   },
   "atlas_refs": {
@@ -822,7 +838,8 @@
     ],
     "T1556": [
       "identity-assurance",
-      "sector-telecom"
+      "sector-telecom",
+      "vc-wallet-trust"
     ],
     "T1110": [
       "identity-assurance"
@@ -890,6 +907,12 @@
     ],
     "T1606.002": [
       "idp-incident-response"
+    ],
+    "T1606": [
+      "vc-wallet-trust"
+    ],
+    "T1550": [
+      "vc-wallet-trust"
     ]
   },
   "rfc_refs": {

package/data/cwe-catalog.json

@@ -533,6 +533,7 @@
       "cloud-security",
       "dlp-gap-analysis",
       "sector-healthcare",
+      "vc-wallet-trust",
       "webapp-security"
     ],
     "evidence_cves": [
@@ -1527,7 +1528,8 @@
     ],
     "related_attack_patterns_capec": [],
     "skills_referencing": [
-      "kernel-lpe-triage"
+      "kernel-lpe-triage",
+      "vc-wallet-trust"
     ],
     "evidence_cves": [
       "CVE-2026-46300",
@@ -1833,6 +1835,7 @@
       "identity-assurance",
       "idp-incident-response",
       "sector-financial",
+      "vc-wallet-trust",
       "webapp-security"
     ],
     "evidence_cves": [
@@ -2565,7 +2568,10 @@
       "CVE-2025-59718"
     ],
     "last_verified": "2026-05-18",
-    "notes": "Added v0.13.17 KEV bulk-import."
+    "notes": "Added v0.13.17 KEV bulk-import.",
+    "skills_referencing": [
+      "vc-wallet-trust"
+    ]
   },
   "CWE-476": {
     "id": "CWE-476",
@@ -2922,7 +2928,10 @@
       "CVE-2024-54085"
     ],
     "last_verified": "2026-05-18",
-    "notes": "Added v0.13.17 KEV bulk-import round 2."
+    "notes": "Added v0.13.17 KEV bulk-import round 2.",
+    "skills_referencing": [
+      "vc-wallet-trust"
+    ]
   },
   "CWE-399": {
     "id": "CWE-399",

package/data/playbooks/cred-stores.json

@@ -48,6 +48,7 @@
       "runtime",
       "secrets",
       "supply-chain-recovery",
+      "vc-wallet-trust",
       "webhook-callback-abuse"
     ]
   },
@@ -739,7 +740,9 @@
             "user_enrolled_in_sso == true"
           ],
           "priority": 1,
-          "for_signals": ["aws-static-key-present"],
+          "for_signals": [
+            "aws-static-key-present"
+          ],
           "compensating_controls": [
             "iam-key-deactivated",
             "cloudtrail-monitor-on-old-key-for-residual-use"
@@ -753,7 +756,9 @@
             "org_has_workforce_identity_pool == true OR user_has_authorized_user_credentials == true"
           ],
           "priority": 1,
-          "for_signals": ["gcp-service-account-json-adc"],
+          "for_signals": [
+            "gcp-service-account-json-adc"
+          ],
           "compensating_controls": [
             "gcp-key-deleted",
             "gcp-audit-log-monitor-on-old-key"
@@ -767,7 +772,9 @@
             "cluster_supports_oidc == true OR cluster_is_managed_cloud_k8s == true"
           ],
           "priority": 1,
-          "for_signals": ["kube-static-token"],
+          "for_signals": [
+            "kube-static-token"
+          ],
           "compensating_controls": [
             "kube-token-revoked",
             "k8s-audit-log-monitor-on-old-token"
@@ -781,7 +788,9 @@
             "target_registry_supports_cred_helper == true"
           ],
           "priority": 1,
-          "for_signals": ["docker-cleartext-auth"],
+          "for_signals": [
+            "docker-cleartext-auth"
+          ],
           "compensating_controls": [
             "docker-token-rotated"
           ],
@@ -794,7 +803,10 @@
             "org_authority_to_rotate == true"
           ],
           "priority": 2,
-          "for_signals": ["npm-pat-present","pypi-token-present"],
+          "for_signals": [
+            "npm-pat-present",
+            "pypi-token-present"
+          ],
           "compensating_controls": [
             "token-scope-tightened",
             "publish-mfa-required"
@@ -808,7 +820,9 @@
             "file_owner_is_current_user"
           ],
           "priority": 2,
-          "for_signals": ["credentials-file-bad-perms"],
+          "for_signals": [
+            "credentials-file-bad-perms"
+          ],
           "compensating_controls": [],
           "estimated_time_hours": 0.25
         },
@@ -819,7 +833,10 @@
             "all_authorized_hosts_known == true"
           ],
           "priority": 2,
-          "for_signals": ["ssh-key-rsa-short-bits","ssh-key-old"],
+          "for_signals": [
+            "ssh-key-rsa-short-bits",
+            "ssh-key-old"
+          ],
           "compensating_controls": [
             "ssh-key-inventory-updated"
           ],

package/data/playbooks/framework.json

@@ -63,6 +63,7 @@
       "ransomware",
       "sbom",
       "supply-chain-recovery",
+      "vc-wallet-trust",
       "webhook-callback-abuse"
     ]
   },
@@ -723,7 +724,10 @@
             "upstream_findings_actionable == true"
           ],
           "priority": 1,
-          "for_signals": ["audit-clean-with-active-finding","compound-theater"],
+          "for_signals": [
+            "audit-clean-with-active-finding",
+            "compound-theater"
+          ],
           "compensating_controls": [],
           "estimated_time_hours": 16
         },
@@ -734,7 +738,9 @@
             "compensating_control_design_feasible == true"
           ],
           "priority": 2,
-          "for_signals": ["framework-lag-no-compensating-control"],
+          "for_signals": [
+            "framework-lag-no-compensating-control"
+          ],
           "compensating_controls": [
             "test_cadence_recorded_in_change_management"
           ],
@@ -747,7 +753,9 @@
             "exception_register_exists == true"
           ],
           "priority": 3,
-          "for_signals": ["exception-missing-expiry-or-owner"],
+          "for_signals": [
+            "exception-missing-expiry-or-owner"
+          ],
           "compensating_controls": [
             "exception_review_cadence_documented"
           ],
@@ -760,7 +768,9 @@
             "jurisdictional_footprint_documented == true"
           ],
           "priority": 4,
-          "for_signals": ["jurisdiction-without-framework"],
+          "for_signals": [
+            "jurisdiction-without-framework"
+          ],
           "compensating_controls": [
             "mapping_review_cadence_documented"
           ],
@@ -773,7 +783,9 @@
             "ai_in_production == true"
           ],
           "priority": 5,
-          "for_signals": ["ai-use-without-ai-controls"],
+          "for_signals": [
+            "ai-use-without-ai-controls"
+          ],
           "compensating_controls": [],
           "estimated_time_hours": 80
         },

package/data/playbooks/identity-sso-compromise.json

@@ -60,6 +60,9 @@
         "playbook_id": "framework",
         "condition": "analyze.compliance_theater_check.verdict == 'theater'"
       }
+    ],
+    "fed_by": [
+      "vc-wallet-trust"
     ]
   },
   "domain": {
@@ -672,7 +675,15 @@
             "rule_authoring_capacity_within_72h == true"
           ],
           "priority": 1,
-          "for_signals": ["out-of-window-global-admin-grant","high-impact-oauth-consent-grant","conditional-access-exclusion-membership-change","federation-signing-cert-added","refresh-token-hoarding-by-sp","prt-claim-anomaly","okta-class-support-session"],
+          "for_signals": [
+            "out-of-window-global-admin-grant",
+            "high-impact-oauth-consent-grant",
+            "conditional-access-exclusion-membership-change",
+            "federation-signing-cert-added",
+            "refresh-token-hoarding-by-sp",
+            "prt-claim-anomaly",
+            "okta-class-support-session"
+          ],
           "compensating_controls": [
             "rule_set_recorded_in_iac",
             "rule_test_suite_in_ci"
@@ -687,7 +698,9 @@
             "break_glass_inventory_complete == true"
           ],
           "priority": 2,
-          "for_signals": ["conditional-access-exclusion-membership-change"],
+          "for_signals": [
+            "conditional-access-exclusion-membership-change"
+          ],
           "compensating_controls": [
             "exclusion_group_membership_alert_active",
             "quarterly_attestation_recorded"
@@ -702,7 +715,9 @@
             "business_owner_engagement_secured == true"
           ],
           "priority": 2,
-          "for_signals": ["high-impact-oauth-consent-grant"],
+          "for_signals": [
+            "high-impact-oauth-consent-grant"
+          ],
           "compensating_controls": [
             "consent_revocation_recorded",
             "re_grant_requires_documented_justification"
@@ -717,7 +732,9 @@
             "downstream_dependent_apps_can_tolerate_rotation_window == true"
           ],
           "priority": 1,
-          "for_signals": ["federation-signing-cert-added"],
+          "for_signals": [
+            "federation-signing-cert-added"
+          ],
           "compensating_controls": [
             "rotation_recorded_in_change_management",
             "old_cert_signed_assertions_quarantined_for_review"