nsauditor-ai-agent-skill 0.2.8 → 0.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/SKILL.md +1 -1
  3. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -4,6 +4,10 @@ Release notes for **`nsauditor-ai-agent-skill`** — installable knowledge packa
4
4
 
5
5
  ---
6
6
 
7
+ ## 0.2.9 (2026-06-11) — Paired release for EE 0.19.4 + CE 0.2.9 — Routing-Integrity Hardening
8
+
9
+ Paired no-op bump (knowledge-package version sync; SKILL.md body + `references/plugins.md` UNCHANGED — no change to the MCP tool/plugin schemas this skill documents). EE 0.19.4 closes the routing-integrity false-clean class: a generic build-time routing guard (complete-partition `nativeFrameworks` allowlist) so no marked evidence-gap routes to zero controls + GuardDuty (1200) dedupe/class-O routing + a single-source `MULTI_REGION_GAP_PREFIX`; a deferred-scope unmark across 8 plugins (capability boundary ≠ evidence-gap → the MCP "unverified" list shrinks); the 1160 AWS-default VPC-endpoint full-access policy down-rated CRITICAL→MEDIUM with its 3 policy-gap emissions routed (SOC 2 CC6.6 / HIPAA 164.312(a)(1) + PCI 1.4.1 / ISO A.8.22 / CIS 12.2); 1150 SQS/SNS alarm-independence (alarm posture classified even under a `Get*Attributes` deny; all four alarm-coverage-unverifiable causes fail-close soc2{A1.2,CC7.2}+hipaa{164.312(b)}). **PCI DSS matrix shifts 20/8/39 → 19/9/39** (Req 7.2.2 covered→partial, backed by 1030 over-privilege mapping). Plugin count UNCHANGED at 28; the other five matrices UNCHANGED.
10
+
7
11
  ## 0.2.8 (2026-06-09) — Paired release for EE 0.19.3 + CE 0.2.8 — MCP affordance + class-O truncation sweep
8
12
 
9
13
  Version sync for a cycle that **changes documented MCP behavior** (input schemas unchanged; the skill's existing `scan_cloud` guidance remains correct): CE 0.2.8's `scan_cloud` tool description now enumerates the per-service coverage (AWS S3/IAM/KMS/CloudTrail/CodePipeline-CodeBuild SoD/Lambda/API GW/DynamoDB/RDS/SQS-SNS/Secrets/Backup/VPC endpoints/SG perimeter/ElastiCache/SES/GuardDuty · Azure KV/Storage/NSG/RBAC · GCP firewall/storage/impersonation) + the 6 frameworks, so agents route service-named audit asks to the scanner; the `[⚠ EVIDENCE GAP]` summary lines lead with the GAP clause and carry the first actionable clause as an `· actionable:` companion (internal routing tags stripped). EE 0.19.3: Lambda inline-credential env-var names + the `AWS_LAMBDA_`/`AWS_XRAY_` exclusion-prefix evasion bypass (1080); truncation/AccessDenied evidence-gaps across 8 AWS auditors now fail-close their sources' native controls in all six frameworks (class-O sweep incl. the 1110 P-16 grant-bypass); a new Azure NSG Dim 2a flags restricted-port exposure to the tenant-rentable `AzureCloud`/`AzureCloud.<region>` service tags (1221); public-subnet Redis replication groups no longer silently downgrade (1180). Plugin count UNCHANGED at 28; all six coverage matrices UNCHANGED at the count level.
package/SKILL.md CHANGED
@@ -16,7 +16,7 @@ description: >
16
16
 
17
17
  # NSAuditor AI — Agent Skill
18
18
 
19
- > **Version:** 0.2.8 (post-EE 0.19.3MCP affordance + class-O truncation sweep: the `scan_cloud` tool description now enumerates per-service coverage so agents route service-named audit asks to it; evidence-gap list lines lead with the GAP clause + carry an actionable:` companion; truncation/AccessDenied evidence-gaps across 8 AWS auditors fail-close their native controls; new Azure NSG AzureCloud service-tag exposure dimension [1221]; Lambda inline-credential env-var names + exclusion-prefix bypass [1080]) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
19
+ > **Version:** 0.2.9 (post-EE 0.19.4Routing-Integrity Hardening: a build-time routing guard fails the build on any marked evidence-gap that maps to zero compliance controls + GuardDuty [1200] dedupe/class-O routing; a deferred-scope unmark across 8 plugins shrinks the MCP "unverified" list; the 1160 AWS-default VPC-endpoint policy down-rated CRITICAL→MEDIUM with cross-framework routing [PCI 1.4.1 / ISO A.8.22 / CIS 12.2]; 1150 SQS/SNS alarm-independence alarm posture survives a `Get*Attributes` deny, all four `alarm-coverage-unverifiable` causes fail-close; PCI DSS 7.2.2 covered→partial, matrix 20/8/39→19/9/39) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
20
20
 
21
21
  NSAuditor AI is a modular, AI-assisted network security audit platform with 27+ scanner
22
22
  plugins, CVE matching, MITRE ATT&CK mapping, and Zero Data Exfiltration by design. This
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nsauditor-ai-agent-skill",
3
- "version": "0.2.8",
3
+ "version": "0.2.9",
4
4
  "description": "AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.",
5
5
  "keywords": [
6
6
  "nsauditor",