@blamejs/exceptd-skills

v0.12.40

AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.

Downloads

8,132

exceptd Security

AI security skills grounded in mid-2026 threat reality, not framework documentation from 2020.


Core premise: Every major security and compliance tool on the market is still operating on stale threat models. NIST 800-53, ISO 27001, SOC 2, and PCI-DSS were written for network-centric, on-prem or early-cloud environments. They have no controls for AI pipeline integrity, MCP/agent tool trust boundaries, LLM prompt injection as an access control failure, page-cache exploitation bypassing filesystem integrity checks, or ephemeral infrastructure where traditional asset inventory is architecturally impossible.

This platform surfaces what is actually happening right now. Every skill explicitly flags where a compliance framework's control is insufficient for current attack patterns. The framework is often the problem, not the org.

Status

Pre-1.0. Latest release lives on GitHub Releases and on npm as @blamejs/exceptd-skills (signed npm provenance attestation).

42 skills across kernel LPE, AI attack surface, MCP trust, RAG security, AI-API C2 detection, PQC migration, framework gap analysis, compliance theater, exploit scoring, threat-model currency, zero-day learning, global GRC, policy exception generation, security maturity tiers, skill update loop, attack-surface pen testing, fuzz testing, DLP gap analysis, supply-chain integrity, defensive-countermeasure mapping, identity assurance, OT/ICS security, coordinated vulnerability disclosure, threat-modeling methodology, child-safety age gates, plus sector packs (federal, financial, healthcare, energy) — and a researcher triage dispatcher. 10 data catalogs cover CVE / ATLAS / ATT&CK / CWE / D3FEND / DLP / RFC / framework gaps / global frameworks / zero-day lessons. 35 jurisdictions tracked.

AI-consumer ergonomics: data/_indexes/ ships 17 pre-computed indexes (xref / chains / dispatch / DiD ladders / theater fingerprints / recipes / token budget / currency / activity feed) regenerated by npm run build-indexes.

External-data refresh is automated nightly via .github/workflows/refresh.yml — KEV/EPSS/NVD/RFC drift opens an auto-PR with deltas pre-applied; KEV adds new CVEs and IETF discovery auto-imports new RFCs across 48 project-relevant working groups (_auto_imported annotation flags entries for human curation); ATLAS/ATT&CK/CWE/D3FEND version bumps open an issue (audit required per AGENTS.md Hard Rule #12).

exceptd doctor --signatures prints dual SHA-256 + SHA3-512 public-key fingerprints for out-of-band key pinning. exceptd discover probes 22 PQC algorithms across the full NIST + IETF emerging landscape. exceptd framework-gap <framework> <scenario> provides a non-AI programmatic runner for the framework-gap skill.

v0.10.0 introduced the seven-phase playbook contract — exceptd ships playbooks under data/playbooks/*.json that host AIs (Claude Code, Cursor, Gemini CLI, Codex) execute through seven phases: govern → direct → look → detect → analyze → validate → close. exceptd owns govern / direct / analyze / validate / close (knowledge + GRC layer); the host AI owns look / detect (artifact collection + indicator evaluation with its native Bash/Read/Grep/Glob).

v0.11.0 collapses the 21-verb CLI into 11 canonical verbs + flips the default output to human-readable. The new surface:

  • discover (scan cwd → recommend playbooks)
  • brief (unified info doc, replaces plan + govern + direct + look)
  • run (phases 4-7, with flat or nested submission shape, auto-detect cwd context)
  • ai-run (JSONL streaming variant for AI conversational flow)
  • attest (subverbs: list / show / export / verify / diff — replaces reattest + list-attestations)
  • doctor (one-shot health check — signatures + currency + cve/rfc validation + signing status)
  • ci (one-shot CI gate, exit-2 on detected or rwep ≥ escalate)
  • ask (plain-English routing)
  • lint (pre-flight submission shape check)

Attestation root moved from cwd-relative .exceptd/ to ~/.exceptd/attestations/<repo-or-host-tag>/. v0.10.x verbs (plan/govern/direct/look/scan/dispatch/currency/verify/validate-cves/validate-rfcs/watchlist/prefetch/build-indexes/ingest/reattest/list-attestations) still work via one-time deprecation banner — scheduled for removal in v0.13.

v0.11 series — CLI ergonomics and signature-verify hardening: mutex filesystem lockfile, --vex filter, --ci exit-code gating, --diff-from-latest, --operator/--ack attestation binding, --format <fmt> transforms output for run and ci, ask synonym routing, lint shares the normalize contract with the runner, CSAF/SARIF/OpenVEX bundles include indicator hits and framework gaps for posture-only playbooks, CSAF current_release_date populated, SARIF rule definitions for every ruleId, doctor --fix repairs a missing private key, --strict-preconditions flag, default human output for attest list and lint on TTY. Regression coverage at tests/operator-bugs.test.js catches re-introductions at npm test.


Skill Inventory

Triage & Dispatch

researcher Front-door triage skill for raw threat intel. Takes a CVE ID, ATLAS TTP, vendor advisory, framework control ID, or incident narrative; cross-joins it across data/cve-catalog.json, data/atlas-ttps.json, data/framework-control-gaps.json, data/zeroday-lessons.json, data/exploit-availability.json, and data/global-frameworks.json; produces a one-page RWEP-anchored dispatch report; routes the operator to the right specialized skill(s). Start here when the input is "here's a thing, tell me what to do with it".

Kernel & Privilege Escalation

kernel-lpe-triage Assess Linux kernel local privilege escalation exposure. Covers Copy Fail (CVE-2026-31431, CISA KEV, 732-byte deterministic root, all Linux since 2017), Dirty Frag (CVE-2026-43284/CVE-2026-43500, page-cache chain via ESP/IPsec and RxRPC). Outputs: exposure score, live-patch vs. reboot remediation path, compensating controls, framework gap declaration.

AI-Specific Attack Surface

ai-attack-surface Comprehensive AI/ML attack surface assessment mapped to MITRE ATLAS v5.4.0 with explicit gap flags. Covers prompt injection as enterprise RCE (CVE-2025-53773 CVSS 7.8, 85%+ bypass rate against SOTA defenses), MCP supply chain RCE (CVE-2026-30615, zero user interaction, 150M+ downloads), RAG exfiltration, model poisoning, AI-assisted exploit development (41% of 2025 zero-days), credential theft acceleration (160% increase).

mcp-agent-trust Enumerate MCP (Model Context Protocol) trust boundary failures. Covers tool allowlisting gaps, unsigned server manifests, prompt injection via tool responses, supply chain compromise. CVE-2026-30615 (Windsurf, zero-interaction RCE). Generates: tool allowlist policy, server signing requirements, bearer auth config, output sanitization requirements.

rag-pipeline-security RAG-specific threat model with no current framework coverage. Embedding manipulation for data exfiltration, vector store poisoning, chunking attacks, retrieval filter bypass, indirect prompt injection via retrieved documents. ATLAS-mapped. Generates: retrieval audit controls, anomaly detection requirements, output monitoring policy.

ai-c2-detection Detect adversary use of AI APIs as covert command-and-control (SesameOp case study, ATLAS AML.T0096). PROMPTFLUX/PROMPTSTEAL malware families that query LLMs during execution for real-time evasion. Outputs: behavioral baseline model, detection signatures, network monitoring rules, incident response playbook.

Framework & Compliance

framework-gap-analysis Feed a compliance framework control ID and a threat scenario — receive: what the control was designed for, why it is insufficient against current TTPs, which attacker technique exploits the gap, what a real control would require. Built-in gap mappings for NIST 800-53, ISO 27001:2022, SOC 2, PCI-DSS 4.0, NIS2, DORA, CIS v8.

compliance-theater Identify where an organization passes an audit but remains exposed. Seven documented compliance theater patterns with specific detection tests. Outputs: theater score per control domain, exposure summary, auditor-facing remediation language, evidence gap list.

global-grc Multi-jurisdiction GRC mapping. Covers EU (GDPR Art. 32, NIS2, DORA, EU AI Act, EU CRA), UK (Cyber Essentials Plus, NCSC CAF), Australia (ISM, ASD Essential 8, APRA CPS 234), Singapore (MAS TRM, CSA CCoP), Japan (METI, NISC), India (CERT-In, SEBI), Canada (OSFI B-10), and global (ISO 27001:2022, CSA CCM v4, CIS Controls v8). Identifies universal gaps that no jurisdiction's framework covers.

policy-exception-gen Generate defensible policy exceptions for architectural realities frameworks don't accommodate. Templates for: ephemeral/serverless infrastructure (no traditional asset inventory), AI pipelines (continuous opaque model updates), zero trust architecture (no network perimeter), live-system no-reboot patching. Each exception includes compensating controls, risk acceptance language, and auditor-ready justification.

Risk Intelligence

exploit-scoring Real-World Exploit Priority (RWEP) scoring beyond CVSS. Factors: CISA KEV status (0.25), public PoC (0.20), AI-assisted weaponization (0.15), active exploitation (0.20), patch availability (-0.15), live-patch availability (-0.10), blast radius (0.15). Pre-calculated RWEP scores for all CVEs in data/cve-catalog.json. Outputs RWEP alongside CVSS with plain-language priority guidance.
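
An added example (not the project's code) that treats the listed weights as an additive score and shows how the resulting order can diverge from a CVSS-only order. The additive model, the 0 to 100 scale with clamping, the boolean factors, the 0..1 blast-radius fraction, the field names, and the three entries are assumptions or constructed data; the page gives the weights but not the formula.

```javascript
'use strict';

// Weights as listed for the exploit-scoring skill, kept in hundredths so the
// arithmetic stays in integers. Field names are hypothetical.
const WEIGHTS = {
  kev: 25,
  public_poc: 20,
  ai_weaponization: 15,
  active_exploitation: 20,
  patch_available: -15,
  live_patch_available: -10,
  blast_radius: 15,
};

// ASSUMPTION: additive model, boolean factors, blast_radius as a fraction in
// [0, 1], result rounded and clamped to 0..100. The page does not state this.
function rwep(factors) {
  let score = 0;
  for (const [name, weight] of Object.entries(WEIGHTS)) {
    const value = factors[name];
    if (name === 'blast_radius') {
      if (typeof value !== 'number' || !(value >= 0 && value <= 1)) {
        throw new RangeError('blast_radius must be a number in [0, 1]');
      }
      score += weight * value;
    } else {
      // A missing factor is an error, not a silent "false".
      if (typeof value !== 'boolean') throw new TypeError(`${name} must be true or false`);
      if (value) score += weight;
    }
  }
  return Math.min(100, Math.max(0, Math.round(score)));
}

// IDs ordered from highest to lowest score.
function rankBy(entries, scoreOf) {
  return [...entries].sort((a, b) => scoreOf(b) - scoreOf(a)).map((e) => e.id);
}

// Pairs [x, y] where x has the higher CVSS but the lower RWEP.
function inversions(entries) {
  const out = [];
  for (const hi of entries) {
    for (const lo of entries) {
      if (hi.cvss > lo.cvss && rwep(hi.factors) < rwep(lo.factors)) out.push([hi.id, lo.id]);
    }
  }
  return out;
}

// Constructed entries, not taken from data/cve-catalog.json.
const ENTRIES = [
  { id: 'EXAMPLE-A', cvss: 9.8, factors: { kev: false, public_poc: false, ai_weaponization: false,
      active_exploitation: false, patch_available: true, live_patch_available: false, blast_radius: 0.4 } },
  { id: 'EXAMPLE-B', cvss: 7.8, factors: { kev: true, public_poc: true, ai_weaponization: false,
      active_exploitation: true, patch_available: false, live_patch_available: false, blast_radius: 0.8 } },
  { id: 'EXAMPLE-C', cvss: 5.5, factors: { kev: false, public_poc: true, ai_weaponization: true,
      active_exploitation: false, patch_available: true, live_patch_available: true, blast_radius: 1 } },
];

function report() {
  return {
    scores: Object.fromEntries(ENTRIES.map((e) => [e.id, rwep(e.factors)])),
    byCvss: rankBy(ENTRIES, (e) => e.cvss),
    byRwep: rankBy(ENTRIES, (e) => rwep(e.factors)),
    inversions: inversions(ENTRIES),
  };
}

console.log(JSON.stringify(report(), null, 2));
```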

threat-model-currency Score how current an organization's threat model is against 2026 threat reality. Checklist of 14 current threat classes against documented model coverage. Outputs: currency percentage, specific missing threat classes, recommended additions with ATLAS/ATT&CK references, prioritized update roadmap.

zeroday-gap-learn Run the zero-day learning loop: zero-day description → attack vector extraction → control gap identification → framework coverage assessment → new control requirement generation → exposure scoring. Encodes lessons from Copy Fail, Dirty Frag, CVE-2025-53773, CVE-2026-30615, SesameOp. Feeds back into framework-gap-analysis and threat-model-currency.

Identity, OT, Disclosure & Threat Modeling

identity-assurance Identity assurance for mid-2026. NIST 800-63 AAL/IAL/FAL levels, FIDO2/WebAuthn passkey deployment, OIDC/SAML/SCIM federation, agent-as-principal identity for autonomous AI workloads, short-lived workload token issuance, OAuth 2.0 + RFC 9700 (OAuth 2.0 Security BCP) hardening. Outputs: assurance-level gap map, passkey rollout plan, agent identity policy, token-lifetime targets.

ot-ics-security OT / ICS security for mid-2026. NIST 800-82r3, IEC 62443-3-3, NERC CIP, IT/OT convergence risks (flat networks, shared AD, jump-host weaknesses), AI-augmented HMI threats, and ATT&CK for ICS mappings. Outputs: zone/conduit gap map, safety-instrumented-system isolation review, OT-specific patching exception templates.

coordinated-vuln-disclosure Coordinated Vulnerability Disclosure for mid-2026. ISO 29147 (disclosure) + ISO 30111 (handling), VDP and bug bounty design, CSAF 2.0 machine-readable advisories, security.txt (RFC 9116), EU CRA / NIS2 regulator-mandated disclosure timelines, AI-specific vulnerability classes (prompt injection, training data poisoning, model exfiltration). Outputs: VDP policy, advisory template, regulator notification calendar.

threat-modeling-methodology Methodology selection and execution across STRIDE, PASTA, LINDDUN (privacy), Cyber Kill Chain, Diamond Model, MITRE Unified Kill Chain, AI-system threat modeling, and agent-based threat modeling. Outputs: methodology choice with justification, scoped DFD or attack tree, threat-to-control crosswalk against ATLAS / ATT&CK / D3FEND.


Install

Three audience paths. Pick the one that matches how you'll use this.

1. AI consumer (read-only — most users)

You want an AI assistant to load the skills + catalogs against a question of yours. Easiest path:

npx @blamejs/exceptd-skills path

That prints the absolute path of the installed package. Point your AI assistant at:

  • <path>/AGENTS.md — canonical project rules + ground truth for every skill
  • <path>/data/_indexes/summary-cards.json — 100-word abstract per skill (12 KB)
  • <path>/data/_indexes/recipes.json — curated multi-skill chains for common use cases

No clone, no signing keys, no Node 24 required for assistants that read directly from disk. If your assistant needs a local copy as a regular checkout, use npx degit blamejs/exceptd-skills my-skills instead.

2. Operator (run commands locally)

You want to refresh CVE/RFC data, run currency checks, or generate reports. Install + invoke via npx (no global install needed):

npx @blamejs/exceptd-skills doctor                                # health check
npx @blamejs/exceptd-skills refresh --apply --swarm               # pull KEV/NVD/EPSS/RFC/GHSA + apply
npx @blamejs/exceptd-skills refresh --advisory CVE-2026-45321     # seed one CVE draft from GHSA
npx @blamejs/exceptd-skills refresh --advisory MAL-2026-3083      # seed via OSV (MAL-/SNYK-/RUSTSEC-/USN-/PYSEC-/GO-/MGASA-/UVI-)
npx @blamejs/exceptd-skills refresh --curate CVE-2026-45321       # surface editorial questions for a draft
npx @blamejs/exceptd-skills refresh --network                     # swap data/ from latest signed npm tarball

For frequent use, install globally to skip the npx resolution every time:

npm install -g @blamejs/exceptd-skills
exceptd help

First run — verify the signing chain and pin the public-key fingerprint for out-of-band checks:

exceptd doctor --signatures            # verify Ed25519 chains (38/38 expected)
cat "$(exceptd path)/keys/EXPECTED_FINGERPRINT"   # pin fingerprint for OOB verify

Verify on npm: npm view @blamejs/exceptd-skills@<version> dist.signatures shows the SLSA v1 provenance attestation.
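
An added example (not exceptd's own code) of why the first-run step pins the fingerprint out of band as well as verifying signatures: a bundle re-signed under a different key still verifies against the key it ships, and only the pin check rejects it. The file names, the bundle shape, and the choice to fingerprint the DER-encoded key in hex are assumptions; the page does not document exceptd's fingerprint format.

```javascript
'use strict';
const crypto = require('node:crypto');

// Dual fingerprint of a PEM public key, taken over its DER SubjectPublicKeyInfo.
// ASSUMPTION: the bytes exceptd hashes and its output format are not documented
// on this page; hex over SPKI DER is used here for illustration.
function fingerprints(publicKeyPem) {
  const der = crypto.createPublicKey(publicKeyPem).export({ type: 'spki', format: 'der' });
  return {
    sha256: crypto.createHash('sha256').update(der).digest('hex'),
    sha3_512: crypto.createHash('sha3-512').update(der).digest('hex'),
  };
}

// Constant-time comparison of two hex digests; empty or unequal-length input fails.
function sameDigest(aHex, bHex) {
  const a = Buffer.from(aHex, 'hex');
  const b = Buffer.from(bHex, 'hex');
  return a.length > 0 && a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Check a bundle (shipped public key + files with detached Ed25519 signatures)
// against fingerprints the operator recorded out of band.
function verifyBundle(bundle, pinned) {
  const fp = fingerprints(bundle.publicKeyPem);
  const pinOk = sameDigest(fp.sha256, pinned.sha256) && sameDigest(fp.sha3_512, pinned.sha3_512);
  const key = crypto.createPublicKey(bundle.publicKeyPem);
  const files = bundle.files.map((f) => ({
    name: f.name,
    // Ed25519 takes no separate digest algorithm, hence the null first argument.
    signatureOk: crypto.verify(null, f.content, key, f.signature),
  }));
  const signaturesOk = files.every((f) => f.signatureOk);
  // Both checks must pass: valid signatures under an unpinned key prove nothing.
  return { pinOk, signaturesOk, trusted: pinOk && signaturesOk, files };
}

// Helper for the constructed scenario: sign every document with one key pair.
function signBundle(keyPair, docs) {
  return {
    publicKeyPem: keyPair.publicKey.export({ type: 'spki', format: 'pem' }),
    files: Object.entries(docs).map(([name, text]) => {
      const content = Buffer.from(text, 'utf8');
      return { name, content, signature: crypto.sign(null, content, keyPair.privateKey) };
    }),
  };
}

function demo() {
  // Constructed file names and contents.
  const docs = {
    'skill-a/skill.md': '# skill a (constructed)\n',
    'skill-b/skill.md': '# skill b (constructed)\n',
  };
  const publisher = crypto.generateKeyPairSync('ed25519');
  const genuine = signBundle(publisher, docs);
  // Recorded once from a trusted channel and stored outside the package.
  const pinned = fingerprints(genuine.publicKeyPem);

  // One file changed after signing: the signature check fails, the pin still matches.
  const tampered = {
    ...genuine,
    files: genuine.files.map((f, i) =>
      i === 0 ? { ...f, content: Buffer.from('# skill a (edited)\n', 'utf8') } : f),
  };

  // Key and signatures replaced together: every signature verifies against the
  // shipped key, so only the out-of-band pin exposes the substitution.
  const rekeyed = signBundle(crypto.generateKeyPairSync('ed25519'), docs);

  return {
    genuine: verifyBundle(genuine, pinned),
    tampered: verifyBundle(tampered, pinned),
    rekeyed: verifyBundle(rekeyed, pinned),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```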

Air-gapped operation: run exceptd refresh --prefetch on a connected host, copy the resulting .cache/upstream/ to the airgap, run exceptd refresh --from-cache <path> --apply over there. The vendored upstream snapshots replace every network call.

Fresh-disclosure workflow (v0.12.0): the nightly auto-PR job pulls KEV / NVD / EPSS / IETF / GHSA (added in v0.12.0) / OSV (added in v0.12.10). KEV typically takes days; NVD ~10 days; GHSA fires within hours of disclosure and covers npm + PyPI + Maven + Go + NuGet + …; OSV aggregates the OSSF Malicious Packages dataset (MAL-* keys) + Snyk + RustSec + Mageia + Ubuntu USN + Go Vuln DB + PYSEC + UVI on top of GHSA — useful for malicious-package compromises that don't have CVEs yet (exceptd refresh --advisory MAL-2026-3083). New IDs land as drafts (_auto_imported: true, _draft: true) that the catalog validator treats as warnings, not errors — operators get the fresh entry immediately, editorial review (framework gaps, IoCs, ATLAS/ATT&CK refs) follows via exceptd refresh --curate <ID>. For "I want this advisory today, not tomorrow": exceptd refresh --advisory <CVE-or-GHSA-or-MAL-or-SNYK-or-RUSTSEC-ID> --apply.

Optional env vars for higher rate budgets:

| Variable | Purpose |
|---|---|
| NVD_API_KEY | Lifts NVD 2.0 from 5 → 50 requests per 30s window. Free key at https://nvd.nist.gov/developers/request-an-api-key. |
| GITHUB_TOKEN | Lifts GitHub Releases + GHSA from 60 → 5000 requests per hour. |
| EXCEPTD_GHSA_FIXTURE | Path to a JSON fixture matching the api.github.com/advisories shape. For offline tests + air-gap workflows. |
| EXCEPTD_OSV_FIXTURE | Path to a JSON fixture matching the OSV schema (https://ossf.github.io/osv-schema/). For offline tests + air-gap workflows against the OSV source (added v0.12.10). |
| EXCEPTD_REGISTRY_FIXTURE | Path to a JSON fixture matching the npm registry response. Used by doctor --registry-check + run --upstream-check + refresh --network for offline testing. |

3. Maintainer (extend / sign / publish)

You're adding a skill, updating a catalog, or cutting a release. Clone + bootstrap the full toolchain:

git clone https://github.com/blamejs/exceptd-skills
cd exceptd-skills
npm run bootstrap          # auto-detects: verify-only / re-sign / first-init
npm run predeploy          # full 14-gate CI sequence locally

bootstrap auto-detects the right mode based on which keys exist on disk:

  • Verify-only (default on a fresh clone): keys/public.pem ships in the repo, no .keys/private.pem locally. Checks that every skill verifies against the shipped signature, exits.
  • Re-sign: .keys/private.pem exists locally. Re-signs every skill against current content, verifies.
  • First-init: no keys/public.pem shipped or --init passed. Generates a new Ed25519 keypair, signs everything.

Direct invocations also available: npm run verify, node lib/sign.js sign-all.

CLI command reference

Every command works the same via npx @blamejs/exceptd-skills, a global install (exceptd), or a local node bin/exceptd.js.

v0.11.0 canonical verbs

exceptd                               First-run welcome — two ways to start
                                      (discover / ask) plus common starting
                                      playbooks for code / Linux / service contexts.

exceptd discover                      Scan cwd → recommend playbooks based on
                                      detected files (.git, package.json,
                                      Dockerfile, requirements.txt, etc) + host
                                      platform. Replaces scan + dispatch.
  --scan-only                         Also include legacy host scan findings.
  --json | --pretty                   Machine output (default is human checklist).

exceptd brief [playbook]              Unified info doc — jurisdictions + threat
                                      context + RWEP thresholds + preconditions
                                      + artifacts + indicators. Replaces plan +
                                      govern + direct + look.
  --all                               Every playbook (replaces `plan`).
  --scope <type>                      system | code | service | cross-cutting.
  --directives                        Expand directive metadata per playbook.
  --phase <name>                      Emit only one phase (legacy compat).

exceptd run [playbook]                Phases 4-7. Auto-detects cwd context when
                                      no playbook positional.
  --evidence <file|->                 Submission JSON (flat or nested shape).
  --evidence-dir <dir>                Per-playbook submission files (cron-friendly).
  --scope <type> | --all              Multi-playbook run.
  --vex <file>                        CycloneDX / OpenVEX filter (drop not_affected).
  --format <fmt> ...                  csaf-2.0 | sarif | openvex | markdown | summary.
                                      Repeatable. CSAF is primary; extras go to
                                      close.evidence_package.bundles_by_format.
  --diff-from-latest                  Drift vs prior attestation for same playbook.
  --ci                                Exit-code gate (use `exceptd ci` instead).
  --operator <name>                   Bind attestation to identity.
  --ack                               Explicit jurisdiction-obligation consent.
  --session-id <id>                   Reuse session id (collision refused).
  --force-overwrite                   Override session collision refusal.
  --session-key <hex>                 HMAC sign evidence_package (≥ 16 hex chars).
  --attestation-root <path>           Override ~/.exceptd/attestations/ root.
                                      Alternative: set EXCEPTD_HOME=<dir>
                                      env var (attestations land in
                                      $EXCEPTD_HOME/attestations/). Useful for
                                      multi-tenant shared hosts where each
                                      operator wants a private attestation
                                      root, or for CI runners that should
                                      scope attestations to the job workspace.
  --explain                           Dry-run: preconditions + artifacts +
                                      signal keys + submission skeleton.
  --signal-list                       Lighter than --explain; enumerate signal
                                      keys only.
  --force-stale                       Override threat_currency_score < 50 gate.
  --air-gap                           Honor air_gap_alternative paths.

exceptd ai-run <playbook>             JSONL streaming variant of run. AI emits
                                      evidence events on stdin; runner streams
                                      phase events on stdout. One pipe, no
                                      file handoff.
  --no-stream                         Single-shot mode (emit one combined JSON).

exceptd attest <subverb> [<sid>]      Auditor-facing operations.
  attest list                         Inventory all sessions across both
                                      ~/.exceptd and cwd-legacy roots.
  attest show <sid>                   Full (unredacted) attestation.
  attest export <sid>                 Redacted bundle for audit submission.
                                      Strips raw artifact values; preserves
                                      evidence_hash + signature + verdict.
                                      --format csaf wraps in CSAF envelope.
  attest verify <sid>                 Ed25519 .sig sidecar verification.
  attest diff <sid>                   Drift replay (= reattest default).
                                      --against <other-sid> compares two
                                      sessions side-by-side with per-artifact
                                      diff (added / removed / changed).
  --playbook <id>                     Filter (list / diff).
  --since <ISO>                       Filter list / diff to entries after date.

exceptd discover / doctor / ci        See above for doctor and ci.

exceptd doctor                        One-shot health check.
  --signatures                        Only Ed25519 skill verification.
  --currency                          Only skill currency report.
  --cves                              Only CVE catalog drift check.
  --rfcs                              Only RFC catalog drift check.

exceptd ci                            One-shot CI gate. Exits 2 on detected or
                                      rwep ≥ rwep_threshold.escalate.
  --all | --scope <type>              Pick playbooks; auto-detect if neither.
  --max-rwep <n>                      Cap below playbook default.
  --block-on-jurisdiction-clock       Fail when notification clock fires.
  --evidence / --evidence-dir         Per-playbook submission files.

exceptd ask "<question>"              Plain-English routing to playbook(s).
                                      Returns ranked playbook IDs based on
                                      keyword overlap with each playbook's
                                      domain.name + attack_class + threat_context.

exceptd lint <pb> <evidence>          Pre-flight check submission shape vs
                                      playbook (preconditions / artifacts /
                                      indicators) without executing phases 4-7.

exceptd refresh                       Refresh upstream catalogs + indexes.
                                      Replaces prefetch + refresh + build-indexes.
  --apply                             Write diffs back + rebuild indexes.
  --from-cache [<dir>]                Read from prefetch cache.
  --prefetch                          Populate the offline cache (alias for
                                      --no-network).
  --network                           (v0.11.14) Fetch latest signed catalog
                                      snapshot from npm tarball, verify against
                                      local public.pem, swap data/ in place.
  --advisory <CVE-or-GHSA-ID>         (v0.12.0) Seed a single catalog entry from
                                      GitHub Advisory Database. Writes a draft
                                      flagged _auto_imported. --apply commits it.
  --curate <CVE-ID>                   (v0.12.0) Emit editorial questions + ranked
                                      candidates (ATLAS/ATT&CK/CWE/framework) for
                                      a draft catalog entry.
  --indexes-only                      Rebuild data/_indexes/*.json only.

Sources (default = all): kev | epss | nvd | rfc | pins | ghsa (v0.12.0).
GHSA covers npm, PyPI, Maven, Go, NuGet, etc. New CVE IDs land as drafts
that the catalog validator treats as warnings, not errors — editorial
review (framework gaps, IoCs, ATLAS/ATT&CK refs) is still required.

exceptd skill <name>                  Show context for one skill.
exceptd framework-gap <FW> <ref>      One framework + one CVE/scenario, JSON
                                      or human. (Operates outside the seven-
                                      phase contract for ad-hoc gap analysis.)
exceptd path                          Absolute path to the installed package.
exceptd version                       Package version.
exceptd help                          This help.
exceptd <verb> --help                 Per-verb usage with flag descriptions.

Legacy v0.10.x verbs (deprecated, scheduled for removal in v0.13)

These still work but emit a one-time deprecation banner per process:

| Legacy verb | v0.11.0 replacement |
|---|---|
| plan | brief --all |
| govern <pb> | brief <pb> --phase govern |
| direct <pb> | brief <pb> --phase direct |
| look <pb> | brief <pb> --phase look |
| scan | discover --scan-only |
| dispatch | discover |
| currency | doctor --currency |
| verify | doctor --signatures |
| validate-cves | doctor --cves |
| validate-rfcs | doctor --rfcs |
| ingest | run |
| reattest <sid> | attest diff <sid> |
| list-attestations | attest list |
| watchlist | (no replacement yet — kept) |
| prefetch | refresh --no-network |
| build-indexes | refresh --indexes-only |

Suppress the deprecation banner: EXCEPTD_DEPRECATION_SHOWN=1.

Invoking a skill from your AI assistant

Once your assistant has loaded AGENTS.md, type a trigger phrase or skill name:

kernel-lpe-triage
ai-attack-surface
framework-gap-analysis NIST-800-53-SI-2 CVE-2026-31431
compliance-theater
global-grc NIS2
exploit-scoring CVE-2026-31431
zeroday-gap-learn CVE-2026-30615
security-maturity-tiers
pqc-first

AI assistant configuration

The canonical agent-agnostic project rules live in AGENTS.md — the only project-rules file in this repo. The project does not ship per-vendor mirrors; each tool is configured to load AGENTS.md directly.

| Assistant | How it picks up the rules |
|-----------|---------------------------|
| OpenAI Codex CLI, Sourcegraph amp, Aider, Continue, Cline, Roo Code, Q Developer, and any tool that follows the cross-vendor AGENTS.md convention | Auto-loads AGENTS.md from the project root. |
| Cursor | Auto-loads .cursorrules (a short stub pointing at AGENTS.md). |
| GitHub Copilot | Auto-loads .github/copilot-instructions.md (stub pointing at AGENTS.md). |
| Windsurf | Auto-loads .windsurfrules (stub pointing at AGENTS.md). |
| Anthropic Claude Code | Doesn't auto-load AGENTS.md. Load it manually with @AGENTS.md on the first turn, or add your own per-machine ~/.claude/CLAUDE.md that references it. The project intentionally does not ship a CLAUDE.md mirror. |
| Google Gemini CLI, JetBrains AI, Replit Agent, anything else | Point the tool at AGENTS.md via its config, or load CONTEXT.md manually for a shorter orientation. |

If your tool has a conventional auto-load filename not listed here and you'd like first-class support, open an issue — we'll add a pointer stub.

Pre-computed indexes

data/_indexes/ ships 17 derived files so AI consumers can answer cross-reference questions without scanning every skill + catalog. Highlights:

  • summary-cards.json — 100-word abstract per skill; what to load when planning a multi-skill workflow.
  • recipes.json — 8 curated skill sequences for common use cases (AI red team prep, PCI audit defense, federal IR, DORA TLPT, K-12 EdTech review, ransomware tabletop, new-CVE triage, OSS dep triage).
  • chains.json — pre-hydrated cross-walks per CVE and per CWE: which skills cite this, which framework gaps it surfaces, which D3FEND countermeasures back it.
  • token-budget.json — approximate token cost per skill + per section for context budgeting.
  • jurisdiction-clocks.json — normalized jurisdiction × obligation × hours matrix (breach notification, patch SLA) across 29 jurisdictions.
  • did-ladders.json — canonical defense-in-depth ladders per attack class (prompt injection, kernel LPE, AI-as-C2, ransomware, supply chain, BOLA, model exfiltration, BEC).
  • theater-fingerprints.json — structured records for the 7 compliance theater patterns: claim, audit evidence, reality, fast detection test, controls implicated.
  • _meta.json — sha256 of every source file. The validate-indexes predeploy gate fails if any source changed after the last build; build-indexes --changed reads this to know what to rebuild.

Regenerate with exceptd build-indexes (full) or exceptd build-indexes --changed --parallel (incremental).

For skill authors — agents/

The agents/ directory ships markdown role cards documenting authoring conventions for contributors writing new skills or playbooks. The cards are reference material for humans and AI assistants editing the repo; the CLI runtime does not load them. Operators consuming @blamejs/exceptd-skills can ignore the directory.

Data catalogs

All skills pull from data/. Cross-validated against canonical upstream sources via exceptd refresh / exceptd doctor --cves / exceptd doctor --rfcs.

  • cve-catalog.json — CVE metadata with RWEP scores, CISA KEV status, PoC availability, live-patch info
  • atlas-ttps.json — MITRE ATLAS v5.4.0 TTPs with gap flags and exploitation examples
  • framework-control-gaps.json — Per-framework, per-control: what it was designed for vs. what it misses
  • exploit-availability.json — PoC locations, weaponization status, AI-assist factor
  • global-frameworks.json — All major global compliance frameworks (35 jurisdictions) with control inventories and lag scores
  • zeroday-lessons.json — Zero-day → control gap → framework gap → new control requirement mappings
  • cwe-catalog.json — CWE entries pinned to CWE v4.17 (Top 25 + AI- / supply-chain-relevant additions)
  • d3fend-catalog.json — MITRE D3FEND defensive technique entries pinned to D3FEND v1.0.0
  • rfc-references.json — IETF RFC / Internet-Draft references with status, errata, replaces / replaced-by, last_verified
  • dlp-controls.json — DLP control entries indexed by channel / classifier / surface / enforcement / evidence

Philosophy

Compliance is not security. A SOC 2 Type II report confirms that controls existed and operated effectively during the audit period. It says nothing about whether those controls are adequate for current attack patterns. When NIST 800-53 SI-2 says "apply security patches in a timely manner" and Copy Fail is a 732-byte deterministic root with a public PoC and no race condition, "timely" is the wrong frame entirely.

Framework lag is measured in months. MITRE ATLAS v5.4.0 (February 2026) is the most current AI threat framework available. It still lags real exploitation by 3-6 months. NIST AI RMF lags by years. ISO 27001:2022 has no AI-specific controls. These skills explicitly flag every place where framework coverage ends and real attacker capability begins.

AI changed the exploit development timeline. Copy Fail was discovered by an AI system in approximately one hour. 41% of 2025 zero-days involved AI-assisted reverse engineering on the attacker side. The time between vulnerability introduction and reliable exploitation is compressing faster than patch management processes can adapt. Risk scoring must reflect this.

Every org has a compliance theater problem. The question is not whether paper controls map to audit requirements. The question is whether those controls would actually detect or prevent an attack. These skills answer the second question.


Contributing

See CONTRIBUTING.md. Key rules:

  • No new CVE reference without a complete data/cve-catalog.json entry
  • No new framework gap claim without a data/framework-control-gaps.json entry
  • No skill uses CVSS as the sole risk metric
  • Every new zero-day triggers a data/zeroday-lessons.json entry

License

Apache 2.0. See LICENSE.

Community at exceptd.com.