@blamejs/exceptd-skills 0.16.9 → 0.16.11

package/lib/cve-curation.js

@@ -177,7 +177,7 @@ function severityWord(score) {
 // (b) compute `residual_warnings` after an apply.
 const REQUIRED_SCHEMA_FIELDS = [
   "name", "type", "cvss_score", "cvss_vector", "cisa_kev",
-  "poc_available", "ai_discovered", "active_exploitation",
+  "poc_available", "ai_discovered", "ai_assisted_weaponization", "active_exploitation",
   "affected", "affected_versions", "vector",
   "patch_available", "patch_required_reboot", "live_patch_available",
   "framework_control_gaps", "atlas_refs", "attack_refs",
@@ -285,13 +285,11 @@ function buildQuestionnaire(cveId, draft) {
   // object via loadJsonRaw's ENOENT handling, so the ATT&CK candidate
   // questionnaire branch always returned zero proposals.
   const attack = loadJson("data/attack-techniques.json");
-  const cwe = loadJson("data/cwe-catalog.json");
   const frameworkGaps = loadJson("data/framework-control-gaps.json");
 
   const atlasCandidates = pickCandidates(draftDigest, atlas, "ttp_id", "description");
   const attackCandidates = pickCandidates(draftDigest, attack, "ttp_id", "description");
   // CWE candidates surface as part of the vector question — not its own field.
-  void cwe;
   const frameworkCandidates = pickCandidates(draftDigest, frameworkGaps, "control_id", "description");
 
   // Build the editorial-questions list. Each entry names the catalog field,
@@ -479,7 +477,7 @@ function buildQuestionnaire(cveId, draft) {
  *     poc_description: "...",
  *     ai_discovered: false,
  *     ai_assisted_weaponization: false,
- *     active_exploitation: "confirmed" | "suspected" | "none" | "unknown",
+ *     active_exploitation: "confirmed" | "suspected" | "theoretical" | "none" | "unknown",
  *     vector: "...",
  *     complexity: "...",
  *     patch_available: true,

package/lib/flag-suggest.js

@@ -115,7 +115,7 @@ const VERB_FLAG_ALLOWLIST = Object.freeze({
     'apply', 'dry-run', 'from-cache', 'from-fixture', 'network', 'source',
     'advisory', 'check-advisories', 'force-stale', 'force-stale-acked', 'air-gap', 'swarm',
   ],
-  prefetch: ['source', 'cache-dir', 'max-age', 'force', 'no-network', 'quiet'],
+  prefetch: ['source', 'cache-dir', 'max-age', 'force', 'no-network'],
 });
 
 /**

package/lib/lint-skills.js

@@ -150,6 +150,7 @@ function printHelp() {
     'Usage: node lib/lint-skills.js [--skill <name>] [--quiet]\n' +
       '\n' +
       '  --skill <name>  Lint only the named skill from manifest.json.\n' +
+      '  --strict        Promote warnings to release-blocking failures.\n' +
       '  --quiet         Suppress per-skill PASS output; show failures only.\n' +
       '  --help          Show this message.\n',
   );

package/lib/playbook-runner.js

@@ -1104,7 +1104,7 @@ function analyze(playbookId, directiveId, detectResult, agentSignals = {}, runOp
   // Aliasing: playbooks ship rwep_factor values `public_poc` and
   // `ai_weaponization` for what F5 calls `poc_available` and `ai_factor`.
   // Both spellings resolve here.
-  const _activeExploitationLadder = { confirmed: 1.0, suspected: 0.5, unknown: 0.25, none: 0 };
+  const _activeExploitationLadder = { confirmed: 1.0, suspected: 0.5, unknown: 0.25, theoretical: 0, none: 0 };
   const _factorScale = (factorName, cve, blastScore) => {
     if (!cve) return 0;
     switch (factorName) {
@@ -2595,7 +2595,7 @@ function buildEvidenceBundle(format, playbook, analyze, validate, agentSignals,
     // CSAF 2.0 consumers, while preserving the operator's exact label in the
     // free-form `text` field. (CLEAR≡WHITE; AMBER+STRICT carries AMBER's
     // disclosure scope plus a stricter handling note.)
-    const CSAF_TLP_LABEL = { CLEAR: 'WHITE', 'AMBER+STRICT': 'AMBER', GREEN: 'GREEN', AMBER: 'AMBER', RED: 'RED' };
+    const CSAF_TLP_LABEL = { CLEAR: 'WHITE', GREEN: 'GREEN', AMBER: 'AMBER', 'AMBER+STRICT': 'AMBER', RED: 'RED' };
     const csafDistribution = (runOpts.tlp && allowedTlp.has(runOpts.tlp))
       ? { tlp: { label: CSAF_TLP_LABEL[runOpts.tlp] }, text: `TLP:${runOpts.tlp}` }
       : null;

package/lib/scoring.js

@@ -108,7 +108,7 @@ function score(cveId, catalog) {
  *   - cisa_kev, poc_available, ai_assisted_weapon, ai_discovered,
  *     patch_available, live_patch_available, reboot_required: boolean
  *     (or null, treated as false with a missing-field warning).
- *   - active_exploitation: 'none' | 'unknown' | 'suspected' | 'confirmed'.
+ *   - active_exploitation: 'none' | 'unknown' | 'suspected' | 'theoretical' | 'confirmed'.
  *   - blast_radius: integer in [0, 30] (clamped at the weight ceiling but
  *     flagged when out-of-range — out-of-range usually means a unit error).
  */
@@ -126,7 +126,7 @@ function validateFactors(factors) {
       warnings.push(`${f}: expected boolean, got ${typeof factors[f]} (${JSON.stringify(factors[f])})`);
     }
   }
-  const aeAllowed = ['none', 'unknown', 'suspected', 'confirmed'];
+  const aeAllowed = ['none', 'unknown', 'suspected', 'theoretical', 'confirmed'];
   if (factors.active_exploitation === undefined || factors.active_exploitation === null) {
     warnings.push("active_exploitation: missing (treated as 'none')");
   } else if (!aeAllowed.includes(factors.active_exploitation)) {
@@ -261,7 +261,7 @@ function deriveRwepFromFactors(factors) {
   if (!factors || typeof factors !== 'object') return 0;
   const values = Object.values(factors);
   if (values.length === 0) return 0;
-  const aeAllowed = new Set(['none', 'unknown', 'suspected', 'confirmed']);
+  const aeAllowed = new Set(['none', 'unknown', 'suspected', 'theoretical', 'confirmed']);
   const hasBooleanOrLadder = values.some(
     (v) => typeof v === 'boolean' || (typeof v === 'string' && aeAllowed.has(v)),
   );

package/lib/validate-playbooks.js

@@ -554,7 +554,6 @@ function checkCrossRefs(playbook, ctx, playbookIds) {
  * `informational: false`.
  */
 function checkMutexReciprocity(playbooks) {
-  const findings = [];
   const mutexMap = new Map();
   for (const pb of playbooks) {
     if (!pb.data || !pb.data._meta || !pb.data._meta.id) continue;
@@ -574,7 +573,6 @@ function checkMutexReciprocity(playbooks) {
       }
     }
   }
-  findings.push(byPlaybook);
   return byPlaybook;
 }
 

package/manifest-snapshot.json

@@ -1,8 +1,8 @@
 {
   "_comment": "Auto-generated by scripts/refresh-manifest-snapshot.js — do not hand-edit. Public skill surface used by check-manifest-snapshot.js to detect breaking removals.",
-  "_generated_at": "2026-05-19T15:30:13.951Z",
+  "_generated_at": "2026-06-02T15:45:27.118Z",
   "atlas_version": "5.6.0",
-  "skill_count": 42,
+  "skill_count": 43,
   "skills": [
     {
       "name": "age-gates-child-safety",
@@ -2023,6 +2023,61 @@
       "d3fend_refs": [],
       "dlp_refs": []
     },
+    {
+      "name": "vc-wallet-trust",
+      "version": "1.0.0",
+      "triggers": [
+        "credential revocation",
+        "credential verifier",
+        "dcql",
+        "did:web",
+        "digital wallet",
+        "eidas 2.0",
+        "eudi wallet",
+        "iso 18013-5",
+        "mdl",
+        "mdoc",
+        "oid4vci",
+        "oid4vp",
+        "openid federation",
+        "presentation exchange",
+        "sd-jwt-vc",
+        "status list",
+        "trust anchor",
+        "verifiable credential"
+      ],
+      "data_deps": [
+        "atlas-ttps.json",
+        "attack-techniques.json",
+        "cve-catalog.json",
+        "cwe-catalog.json",
+        "framework-control-gaps.json",
+        "rfc-references.json"
+      ],
+      "atlas_refs": [],
+      "attack_refs": [
+        "T1550",
+        "T1556",
+        "T1606"
+      ],
+      "framework_gaps": [
+        "ISO-27001-2022-A.5.16-Federated",
+        "NIS2-Art-21-Federated-Identity",
+        "NIST-800-53-IA-5-Federated",
+        "NIST-800-63B-rev4",
+        "UK-CAF-B2"
+      ],
+      "rfc_refs": [],
+      "cwe_refs": [
+        "CWE-200",
+        "CWE-290",
+        "CWE-347",
+        "CWE-672",
+        "CWE-863"
+      ],
+      "d3fend_refs": [],
+      "dlp_refs": []
+    },
     {
       "name": "webapp-security",
       "version": "1.0.0",

package/manifest-snapshot.sha256

@@ -1 +1 @@
-f9823302d0ebe26ddd017b2cee3e01d2fa3e9803c34b49014574fe009c962a6d  manifest-snapshot.json
+3d9a53fa10f7c9842903252192f1f838bec422b99ed9562be9fd7aef88dacf20  manifest-snapshot.json

package/manifest.json

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.16.9",
+  "version": "0.16.11",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -53,7 +53,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "0H+JfyUVmo/pVFEi5rLENATHjlukPVUqnOWmNPEH77wm8svKGK0aNJ46k6QU5GdHb8c9X9pVJKiuhON6AxDjDw==",
-      "signed_at": "2026-06-02T05:38:21.342Z",
+      "signed_at": "2026-06-02T15:49:13.845Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -123,7 +123,7 @@
       ],
       "last_threat_review": "2026-05-17",
       "signature": "PHwHEsoy7ctBYOtlAfAdCDVfsq2Bpk9+qESSF+5dVkDcez2zp2v9Ihsv2vqMEs3QxMndyQ+t7NVezyt5VamSCg==",
-      "signed_at": "2026-06-02T05:38:21.345Z",
+      "signed_at": "2026-06-02T15:49:13.846Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -196,7 +196,7 @@
       ],
       "last_threat_review": "2026-05-17",
       "signature": "dD4p7lcRtMyfITOncqLkpOeMy6x6gM0V7UlWHgLEdcxqODb1s75ar1cBtTqDWPbMv6ZAzVo2HJLDK1hVjjU2AQ==",
-      "signed_at": "2026-06-02T05:38:21.345Z",
+      "signed_at": "2026-06-02T15:49:13.846Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -248,7 +248,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-22",
       "signature": "wsw8Mlr/gyw6S7Iaao9BVHdU5LFPWl8WVymW17Lkq9J1Mui0+fCrTg6UbrsaeE3s7EW3TVgzBuK+8EFd1+H5AA==",
-      "signed_at": "2026-06-02T05:38:21.346Z"
+      "signed_at": "2026-06-02T15:49:13.847Z"
     },
     {
       "name": "compliance-theater",
@@ -279,7 +279,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "uVTc1QRKOKcIVDajBz+q2egjiEAyOQaDNsvVI2ghj5FD0VvquoUBBE5Naca2FkaZa790EHWCsVZ4hhdaSQs2DQ==",
-      "signed_at": "2026-06-02T05:38:21.347Z"
+      "signed_at": "2026-06-02T15:49:13.847Z"
     },
     {
       "name": "exploit-scoring",
@@ -308,7 +308,7 @@
       ],
       "last_threat_review": "2026-05-18",
       "signature": "QuNpwnZ6HkCEAXTPC/jLbXSmMIc1JnBczqZAAIZmZj8OcEMVnw9mJYAnU3CxaEI7rvbcMkN2uS5E8yUCm/NiAg==",
-      "signed_at": "2026-06-02T05:38:21.347Z"
+      "signed_at": "2026-06-02T15:49:13.848Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -345,7 +345,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "5rw2i39SxY2WphBbDLEP28wufnbPPE9+PWt54hmaGdwHXr9RLiVt5liL/5xp14sehlVgFsfpR/bg9vy//xV0DA==",
-      "signed_at": "2026-06-02T05:38:21.347Z",
+      "signed_at": "2026-06-02T15:49:13.848Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -405,7 +405,7 @@
       ],
       "last_threat_review": "2026-05-17",
       "signature": "Vqu49nzntFWjn9A/QeJzm7q/2xk/cZJ6HFQKtiNi1zgcxzXKm+MlFdkaLgYHWj5/9HJohxyIDyBJQTvcJ20eDQ==",
-      "signed_at": "2026-06-02T05:38:21.348Z",
+      "signed_at": "2026-06-02T15:49:13.848Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -440,7 +440,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-22",
       "signature": "W87VdyVdAxAdcRI6P/8StaV+MS8ZSPKM9HOCK9n/bBO6BM3ZSE3uImVoyJVpAXQlUpUGN+A3lCJZXv64LuxwDg==",
-      "signed_at": "2026-06-02T05:38:21.348Z",
+      "signed_at": "2026-06-02T15:49:13.848Z",
       "cwe_refs": [
         "CWE-1188"
       ],
@@ -474,7 +474,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-18",
       "signature": "wdVX+edeNekpaIldqkhvtraV6DquLvIsKAjuZVwPQYn3l1vS99HXuFxmNsD7UeMlO3qgC6Dysfsto9EnuH0RBg==",
-      "signed_at": "2026-06-02T05:38:21.348Z",
+      "signed_at": "2026-06-02T15:49:13.849Z",
       "forward_watch": [
         "New AI attack classes as ATLAS v6 publishes",
         "Post-quantum adversary capability timeline",
@@ -513,7 +513,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "b5miTiY0cnxETd2btxorfZBdJKt/fLnQx20sGYUb9zEqGqtm0LMLpghkW68j4/9k48KNyuGMtNWiKTSnodUGBw==",
-      "signed_at": "2026-06-02T05:38:21.349Z"
+      "signed_at": "2026-06-02T15:49:13.849Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -540,7 +540,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-18",
       "signature": "xbkip0AQtWQKAu+O6r/gYECNjezS6O9k9xkkJsYbMlr+j8CdqH3p5/0l+GZmDidImRC/DL07GCnKrk9HRR/yDQ==",
-      "signed_at": "2026-06-02T05:38:21.349Z",
+      "signed_at": "2026-06-02T15:49:13.850Z",
       "forward_watch": [
         "New CISA KEV entries",
         "New ATLAS TTP additions in each ATLAS release",
@@ -604,7 +604,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "li2NnC1oeVIr22ComP5QbcQoh5xpWITuaKpza1s2SsUkH6kGnnt4wFfFAzaC1ORmH9x2cr8hN8kaNANG/eIMBQ==",
-      "signed_at": "2026-06-02T05:38:21.350Z",
+      "signed_at": "2026-06-02T15:49:13.850Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -652,7 +652,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "sZHlJ7ueHPdtzVbR+yXQ5+wKgNyjWsa1LKVg9aWTmg/Onl71DvEILMyJiLpPQjseT56Mnr1DMYJE8xOGlffBAw==",
-      "signed_at": "2026-06-02T05:38:21.350Z"
+      "signed_at": "2026-06-02T15:49:13.850Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -689,7 +689,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "3AwFnEJu6DukPPNep/3SnuPWEuV060fJEQIwThFm7ujmdbFk0/Ii0XwGv1dkvbbK7ymMdOQpp35l4aLONAucDA==",
-      "signed_at": "2026-06-02T05:38:21.350Z",
+      "signed_at": "2026-06-02T15:49:13.851Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -724,7 +724,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
       "signature": "iJWevUBurLvt2v8X+Ch2eHmZkPWpKeAtIpxTIP4MwbUHyco3igDeBywJCyaR2vURYRx8LkzzIMM8DxQM4LAXBQ==",
-      "signed_at": "2026-06-02T05:38:21.351Z"
+      "signed_at": "2026-06-02T15:49:13.851Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -796,7 +796,7 @@
         "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — Microsoft Edge 4-bug sandbox escape by Orange Tsai (DEVCORE); forward-watch only (browser sandbox, out of current playbook scope); track Microsoft Edge security advisory and KEV add"
       ],
       "signature": "DDMzI+4En4aIkwBUCGW6nj1eEkCyLqHGn2LJ2rnwWfYatjPI1U5HrTZNAN/n9JqWtAzk8F3rmsKehaaz5iNWDA==",
-      "signed_at": "2026-06-02T05:38:21.351Z"
+      "signed_at": "2026-06-02T15:49:13.851Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -856,7 +856,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "dJB0iAstIUbyny+udl3OIkaLScEmqS97LNP73yQ8mxt+0bcqxZjpfXaWLzLuIQblGYvUvz75/H6rO2EJuGd4AQ==",
-      "signed_at": "2026-06-02T05:38:21.351Z"
+      "signed_at": "2026-06-02T15:49:13.852Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -931,7 +931,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "KEAoMji3VcPX/ZXXqVe6OStxSkTssfY9fIRPyPcDYqh50GzOFQ6koNOTBVAiWOvjDjQ38g12xun5srbqgmvRAw==",
-      "signed_at": "2026-06-02T05:38:21.352Z"
+      "signed_at": "2026-06-02T15:49:13.852Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -1010,7 +1010,7 @@
         "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — NVIDIA Megatron Bridge path traversal by haehae; AI training-stack file-system trust boundary; track patch and SBOM-attestation impact"
       ],
       "signature": "zuW8T0EMbVV83GsUP/W20Use2gBTicBW021T0sY7qsRY/U5qsPWkXYIWp3SdiKLTIKqTEd/0T7LQebjIs2QKCA==",
-      "signed_at": "2026-06-02T05:38:21.352Z"
+      "signed_at": "2026-06-02T15:49:13.852Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1067,7 +1067,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "Qe0Hg9BrX3Zm5pj0n2z/oiHbAXWdA2Dq461zc4izkkUjEX2CZ02rODjCI2ELbrVOU3GC7edxqAxA+5U/ObnHDQ==",
-      "signed_at": "2026-06-02T05:38:21.352Z"
+      "signed_at": "2026-06-02T15:49:13.853Z"
     },
     {
       "name": "identity-assurance",
@@ -1134,7 +1134,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "UV3458QXSkEpenzrOmdlTTfPHUD4hNyKMDHoeZDq/kiFb4mAG0ghQGTTgI9Ru8cJbSmYM1++m9N5TFIJ6JJPBg==",
-      "signed_at": "2026-06-02T05:38:21.353Z"
+      "signed_at": "2026-06-02T15:49:13.853Z"
     },
     {
       "name": "ot-ics-security",
@@ -1190,7 +1190,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "kIVzsPsJ72PzzWQwTuvjoHHoVEDCday5I52M9ohjB3/Ak+zlA8oyWLO/BKb/XuYY4fOApjfxTErSWv5uHQ2zDw==",
-      "signed_at": "2026-06-02T05:38:21.353Z"
+      "signed_at": "2026-06-02T15:49:13.853Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1242,7 +1242,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "bWr27Q1uN9xCe1ib4QulszBa7YIDNkGqo72k5nm2cK98LyPblicD+sO9MnGckAyB22BTN/cIB+FwFMcI5IxvBw==",
-      "signed_at": "2026-06-02T05:38:21.353Z"
+      "signed_at": "2026-06-02T15:49:13.854Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1292,7 +1292,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "Q854yzLqXdOazc6EyQbZzgAlivuq2vGFDVUCrxSldSvx/HX/ZM/uzmJyP7aBG7ZsMHxj6Lmj/H82YQoo1e+NCQ==",
-      "signed_at": "2026-06-02T05:38:21.354Z"
+      "signed_at": "2026-06-02T15:49:13.854Z"
     },
     {
       "name": "webapp-security",
@@ -1366,7 +1366,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "4ccahkJpGJZtwD7EBpnGcN0sEGPMEw8eqV+tvePVS04YAkLgYVWtlkasI/8n0be9xB+77x+Sjj3kIi2j2Lf9CA==",
-      "signed_at": "2026-06-02T05:38:21.354Z",
+      "signed_at": "2026-06-02T15:49:13.854Z",
       "forward_watch": [
         "NGINX Rift CVE-2026-42945 (disclosed 2026-05-13, source depthfirst) — KEV-watch predicted CISA KEV listing by 2026-05-29; AI-assisted discovery angle; track for active-exploitation confirmation and patch advisory affecting front-door web app deployments"
       ]
@@ -1419,7 +1419,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-15",
       "signature": "SBB7c3wNYfIdkyOp4g4nW0WP7xS+YokMzg32aaeJdbf14LTGQRzQUvSqb2TCj2HFUSHESOyKT1JpkAfyHLSQBQ==",
-      "signed_at": "2026-06-02T05:38:21.355Z"
+      "signed_at": "2026-06-02T15:49:13.854Z"
     },
     {
       "name": "sector-healthcare",
@@ -1479,7 +1479,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "U04GNLyRas1VmfEsB8khH4iqFZPwx96sPY0Kw9iVsSPU+KTeEFqwgtWK1X1pzgb+T16Pc7HSrCaXDOpTFvQEDw==",
-      "signed_at": "2026-06-02T05:38:21.355Z"
+      "signed_at": "2026-06-02T15:49:13.855Z"
     },
     {
       "name": "sector-financial",
@@ -1560,7 +1560,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "xbylLqNPBuEsFE/MNVeGy/01K6yiJXMxQbzC1F4RWU5aseDGbNy5HrAv2JWI2+Aft05ozreNPjccvu66yJ5EBw==",
-      "signed_at": "2026-06-02T05:38:21.355Z"
+      "signed_at": "2026-06-02T15:49:13.855Z"
     },
     {
       "name": "sector-federal-government",
@@ -1629,7 +1629,7 @@
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
       "signature": "C9c3JuBhUbwcb7uZpDdy+PNT8sYmYIxzD4uRHu421ePW1aSFJ8fkMvuTzSO8vD/F/jOOg5opM4kov/xSAn+qCg==",
-      "signed_at": "2026-06-02T05:38:21.356Z"
+      "signed_at": "2026-06-02T15:49:13.856Z"
     },
     {
       "name": "sector-energy",
@@ -1694,7 +1694,7 @@
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
       "signature": "oz8Q5WVaY8au4IjbaZahx/DSaC00Q44ylSL3mDkTerCEpW/EyPUeiLeGxSrWxBCwVFEKSSJvnhJjhvX5lDPcCg==",
-      "signed_at": "2026-06-02T05:38:21.356Z"
+      "signed_at": "2026-06-02T15:49:13.856Z"
     },
     {
       "name": "sector-telecom",
@@ -1780,7 +1780,7 @@
         "O-RAN SFG / WG11 security specifications"
       ],
       "signature": "NAtyzfLPXlUuB78Snb9nWmbZalC1CNlIYN9rYhdEmtB/xQGC6vVnThgrEAHlm7v/jMCFuknvEpUHKdscUnUADw==",
-      "signed_at": "2026-06-02T05:38:21.357Z"
+      "signed_at": "2026-06-02T15:49:13.856Z"
     },
     {
       "name": "api-security",
@@ -1849,7 +1849,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-18",
       "signature": "1UTjZNC5Lyrgw93LAizdXVeSmv3jS8YQNT1db5OKsldub50+o1FXmAH4+3MxZozaOGDCX3yXbdDJSJaaSmfuAA==",
-      "signed_at": "2026-06-02T05:38:21.357Z",
+      "signed_at": "2026-06-02T15:49:13.857Z",
       "forward_watch": [
         "NGINX Rift CVE-2026-42945 (disclosed 2026-05-13, source depthfirst) — KEV-watch predicted CISA KEV listing by 2026-05-29; track for active-exploitation confirmation and patch advisory affecting API gateway / reverse-proxy deployments",
         "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — LiteLLM 3-bug SSRF + Code Injection chain by k3vg3n; LLM-proxy API surface; track upstream patch and CVE assignments",
@@ -1935,7 +1935,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "EdsY4xe7YA8X8m+KZUbq49JwoCXgRKEz2eg3m86O37rvBmpm8ppvl9hrsekygvpBh2VmCHL2dEYiOD8OM2n7CA==",
-      "signed_at": "2026-06-02T05:38:21.357Z"
+      "signed_at": "2026-06-02T15:49:13.857Z"
     },
     {
       "name": "container-runtime-security",
@@ -1997,7 +1997,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-15",
       "signature": "fnLKPLkjjRCJ/F9wdmZ1w1lXmqEJvTYkv6Uu+9OTd5vZTWKz3QMuxKOsas+ctCdOvTaeloqPUUprXx+ZZdDpCg==",
-      "signed_at": "2026-06-02T05:38:21.358Z",
+      "signed_at": "2026-06-02T15:49:13.857Z",
       "forward_watch": [
         "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — NVIDIA Container Toolkit container escape ($50K award) by chompie / IBM X-Force XOR; high-severity container/hypervisor boundary break; track patch and KEV add post-embargo"
       ]
@@ -2071,7 +2071,7 @@
         "MITRE ATLAS v5.6.0 (released May 2026) shipped the AML.T0010 sub-technique expansion this forecast tracked plus new techniques (\"Publish Poisoned AI Agent Tool\", \"Escape to Host\"); inventory now 16 tactics, 84 techniques, 56 sub-techniques. Forward watch: subsequent ATLAS minor and major releases — track next-cadence updates to agentic-AI TTPs and MLOps-pipeline-specific techniques"
       ],
       "signature": "t3dkdpTX04zvjitEeOJThpgjurLd1UO9GOut4LXSZgY3ULhfknI4zT7G5+m2RSZZTo7yyeZrwpg+7vEg9K6mAw==",
-      "signed_at": "2026-06-02T05:38:21.358Z"
+      "signed_at": "2026-06-02T15:49:13.858Z"
     },
     {
       "name": "incident-response-playbook",
@@ -2133,7 +2133,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "+1kmtA6rAvIyDjjy+cJHK6BcfylyVsa5cUjRFijlFR9GsQfB93JnmkEJOqML50pdlcxtJI3yUodHpL3/YJGtCA==",
-      "signed_at": "2026-06-02T05:38:21.359Z"
+      "signed_at": "2026-06-02T15:49:13.858Z"
     },
     {
       "name": "ransomware-response",
@@ -2213,7 +2213,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "h48ASCz63aBfHzLKxMVDADMuT4atriK0iE6bJeVzZTsx/e8+hyv4fLP7+zYxT9Oe0Gss3v/Xy+t+Wd9uwzV+Aw==",
-      "signed_at": "2026-06-02T05:38:21.359Z"
+      "signed_at": "2026-06-02T15:49:13.858Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2266,7 +2266,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-18",
       "signature": "FVBn4ex2qPIo9SHMVJ6tntoz4tVwjbIq3m6wDjjZyv2JODlS+90GBYCOkNamxxkmw/6de6SMs0YHQiF/xjo/DQ==",
-      "signed_at": "2026-06-02T05:38:21.359Z"
+      "signed_at": "2026-06-02T15:49:13.859Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2334,7 +2334,7 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "ZHVdGWCcfG98tSVB0b9mwrsYwv71V3uUEl+6ss7omSQhmNvqV5s6MAZM5YladBt9MK/8T/zBrTYN4gAonOP+BQ==",
-      "signed_at": "2026-06-02T05:38:21.360Z"
+      "signed_at": "2026-06-02T15:49:13.859Z"
     },
     {
       "name": "cloud-iam-incident",
@@ -2414,7 +2414,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "r9ii4nb3HJELdtKCGF5qy9PHOiot3GC24yfxfGAKlLENHkdRvRkvvL99eV/6RXyfUaMyrnc2Te8tPQcNu5bsDg==",
-      "signed_at": "2026-06-02T05:38:21.360Z",
+      "signed_at": "2026-06-02T15:49:13.859Z",
       "forward_watch": [
         "AWS IAM Identity Center session-policy refresh and step-up-on-admin enforcement (anticipated 2026-H2 release)",
         "GCP Workload Identity Federation principal-set attribute mapping tightening (post-2026 Q3 Federation hardening guide)",
@@ -2508,7 +2508,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "9mfDtMApMAg9V/lmwpniNxo/6gNZoOEoYDfyFvyWvKrPMtc7H9F8uz06FVoARe/J49saAKTVXOurNE1D/KtpCQ==",
-      "signed_at": "2026-06-02T05:38:21.360Z",
+      "signed_at": "2026-06-02T15:49:13.860Z",
       "forward_watch": [
         "Entra ID conditional access evolution post-Midnight Blizzard — Microsoft's 2025-2026 commitments on legacy-tenant MFA enforcement and OAuth-app consent gating",
         "Okta IPSIE (Interoperability Profile for Secure Identity in the Enterprise) OpenID Foundation working-group output and adoption timeline",
@@ -2522,10 +2522,69 @@
         "Cross-tenant access settings evolution at Entra ID — partner-tenant attestation cadence and revocation latency",
         "PSD3 / PSR final text on agent-initiated payments and the IdP-mediated agent-attestation surface"
       ]
+    },
+    {
+      "name": "vc-wallet-trust",
+      "version": "1.0.0",
+      "path": "skills/vc-wallet-trust/skill.md",
+      "description": "Verifiable-credential / digital-wallet verifier trust for mid-2026 — SD-JWT-VC, OID4VCI/OID4VP, mdoc (ISO 18013-5), DID resolution, OAuth Token Status List revocation, OpenID Federation trust anchors, and the EUDI wallet (eIDAS 2.0) acceptance path",
+      "triggers": [
+        "verifiable credential",
+        "digital wallet",
+        "sd-jwt-vc",
+        "oid4vp",
+        "oid4vci",
+        "mdoc",
+        "mdl",
+        "iso 18013-5",
+        "eudi wallet",
+        "eidas 2.0",
+        "did:web",
+        "status list",
+        "credential revocation",
+        "openid federation",
+        "trust anchor",
+        "credential verifier",
+        "presentation exchange",
+        "dcql"
+      ],
+      "data_deps": [
+        "cve-catalog.json",
+        "atlas-ttps.json",
+        "attack-techniques.json",
+        "framework-control-gaps.json",
+        "cwe-catalog.json",
+        "rfc-references.json"
+      ],
+      "atlas_refs": [],
+      "attack_refs": [
+        "T1556",
+        "T1606",
+        "T1550"
+      ],
+      "framework_gaps": [
+        "NIST-800-63B-rev4",
+        "NIST-800-53-IA-5-Federated",
+        "ISO-27001-2022-A.5.16-Federated",
+        "NIS2-Art-21-Federated-Identity",
+        "UK-CAF-B2"
+      ],
+      "rfc_refs": [],
+      "cwe_refs": [
+        "CWE-347",
+        "CWE-290",
+        "CWE-863",
+        "CWE-200",
+        "CWE-672"
+      ],
+      "d3fend_refs": [],
+      "last_threat_review": "2026-06-02",
+      "signature": "dOFgANMtHm64uSFRjMfeA0fWZS9ISwMTt59I2CbjaF1PgTtbtb8yg/f+3pC4eXcXIET0KPGxRRmENycfIz3rAw==",
+      "signed_at": "2026-06-02T15:49:13.860Z"
     }
   ],
   "manifest_signature": {
     "algorithm": "Ed25519",
-    "signature_base64": "hW45T3BHJnmyURDqY+OF6bc2AnaT/ECyyNZA31VQEKyqg0QsEtTY2Cb1znzf2Bjolx47T0dUptAamW36T0ZDCg=="
+    "signature_base64": "5cDMIZABmkBps7QeG6P1qaB5YPs/QBvhOow4UbwZXX9atChL73fK8XZkybKgCC8WarVC8n1nIZOd8e16tqoKDw=="
   }
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.16.9",
-  "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 11 catalogs (427 CVEs / 173 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
+  "version": "0.16.11",
+  "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 43 skills, 11 catalogs (439 CVEs / 174 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
   "keywords": [
     "ai-security",
     "ai-skills",