nsauditor-ai-agent-skill 0.2.3 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/SKILL.md +1 -1
  3. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -4,6 +4,10 @@ Release notes for **`nsauditor-ai-agent-skill`** — installable knowledge packa
4
4
 
5
5
  ---
6
6
 
7
+ ## 0.2.4 (2026-06-05) — Paired-release pin for EE 0.18.3 + CE 0.2.4 — GCP IAM + Azure Key Vault false-negative hardening III
8
+
9
+ Paired no-op bump (SKILL.md version banner only; SKILL.md body + `references/plugins.md` UNCHANGED). EE 0.18.3 closes three cloud false-negatives: Azure Key Vault narrow-verb custom roles — a role granting only a data-plane crypto/extraction verb (`decrypt`/`wrap`/`unwrap`/`release`/`backup`/…) is now flagged (plugin 1222); the GCP IAM impersonation-BFS depth-cap truncation now fail-closes to a completeness evidence-gap instead of "zero reachability paths" (plugin 1025 H3); and the googleapis-SDK-absent path now fail-closes the GCP IAM dims to compliance-routed evidence-gaps (plugin 1025 M2). Plugin count UNCHANGED at 28; all six coverage matrices UNCHANGED at the count level.
10
+
7
11
  ## 0.2.3 (2026-06-05) — Paired-release pin for EE 0.18.2 + CE 0.2.3 — scan_cloud evidence-gap visibility (end-to-end)
8
12
 
9
13
  Paired no-op bump (no agent-skill content change beyond the SKILL.md version banner; SKILL.md body + `references/plugins.md` UNCHANGED). EE 0.18.2 + CE 0.2.3 make the no-false-clean evidence-gaps the cloud plugins emit **visible through the MCP `scan_cloud` transport, end-to-end**: the CE collector renders a dedicated "Evidence gaps (unverified)" section, and a new EE CI producer-contract guarantees every cloud plugin (AWS / Azure / GCP) marks its scan-coverage gaps so they reach it (retrofitted AWS S3 1020 + Azure 1220/1221/1222 + AWS IAM 1030). EE 0.18.2 also hardens the hand-rolled source scanners against a regex-literal desync (including the ZDE read-only security meta-test, where it could have masked a mutating cloud call) and adds the proprietary `LICENSE` / EULA (now shipped in the package) + per-file copyright headers. Plugin count UNCHANGED at 28; all six coverage matrices UNCHANGED.
package/SKILL.md CHANGED
@@ -16,7 +16,7 @@ description: >
16
16
 
17
17
  # NSAuditor AI — Agent Skill
18
18
 
19
- > **Version:** 0.2.3 (post-EE 0.18.2scan_cloud evidence-gap visibility end-to-end) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
19
+ > **Version:** 0.2.4 (post-EE 0.18.3GCP IAM + Azure Key Vault false-negative hardening III) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
20
20
 
21
21
  NSAuditor AI is a modular, AI-assisted network security audit platform with 27+ scanner
22
22
  plugins, CVE matching, MITRE ATT&CK mapping, and Zero Data Exfiltration by design. This
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nsauditor-ai-agent-skill",
3
- "version": "0.2.3",
3
+ "version": "0.2.4",
4
4
  "description": "AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.",
5
5
  "keywords": [
6
6
  "nsauditor",