// offending code· 3 files flaggedpatterns: 34
--- install scripts ---
### prepublishOnly
node -e "if(process.env.EXCEPTD_SKIP_PREPUBLISH_PREDEPLOY!=='1'){const r=require('child_process').spawnSync(process.execPath,['scripts/predeploy.js'],{stdio:'inherit'});if(r.status){process.exit(r.status)}}" && node lib/validate-package.js
--- package/manifest-snapshot.json (excerpt) ---
{
"_comment": "Auto-generated by scripts/refresh-manifest-snapshot.js — do not hand-edit. Public skill surface used by check-manifest-snapshot.js to detect breaking removals.",
"_generated_at": "2026-06-05T18:14:35.343Z",
"atlas_version": "5.6.0",
"skill_count": 51,
"skills": [
{
"name": "age-gates-child-safety",
"version": "1.0.0",
"triggers": [
"age assurance",
"age gate",
"age gates",
"age verification",
"california aadc",
"child online safety",
"child safety",
"children's code",
"children's online safety",
"cipa",
"coppa",
"csam",
"dsa article 28",
"esafety",
"gdpr article 8",
"kosa",
"ofcom",
"parental consent",
"uk online safety act"
],
"data_deps": [
"atlas-ttps.json",
"cve-catalog.json",
"cwe-catalog.json",
"d3fend-catalog.json",
"dlp-controls.json",
"framework-control-gaps.json",
"global-frameworks.json"
],
"atlas_refs": [],
"attack_refs": [
"T1078",
"T1567"
],
"framework_gaps": [
"ISO-27001-2022-A.8.30",
"NIST-800-53-AC-2",
"SOC2-CC6-logical-access"
],
"rfc_refs": [],
"cwe_refs": [
"CWE-200",
"CWE-287",
"CWE-862"
],
"d3fend_refs": [],
"dlp_refs": []
},
{
"name": "ai-attack-surf
--- package/manifest.json (excerpt) ---
{
"name": "exceptd-security",
"version": "0.16.25",
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
"homepage": "https://exceptd.com",
"license": "Apache-2.0",
"atlas_version": "5.6.0",
"atlas_version_date": "2026-05-08",
"attack_version": "19.0",
"attack_version_date": "2026-04-28",
"threat_review_date": "2026-05-15",
"sources_dir": "sources/",
"agents_dir": "agents/",
"reports_dir": "reports/",
"skills": [
{
"name": "kernel-lpe-triage",
"version": "1.0.0",
"path": "skills/kernel-lpe-triage/skill.md",
"description": "Assess Linux kernel LPE exposure — Copy Fail, Dirty Frag, live-patch vs. reboot remediation",
"triggers": [
"kernel lpe",
"privilege escalation",
"copy fail",
"dirty frag",
"cve-2026-31431",
"cve-2026-43284",
"linux root",
"kernel patch",
"live kernel patch"
],
"data_deps": [
"cve-catalog.json",
"exploit-availability.json"
],
"atlas_refs": [],
"attack_refs": [
"T1068",
"T1548.001"
],
"framework_gaps": [
"NIST-800-53-SI-2",
"ISO-27001-2022-A.8.8",
"PCI-DSS-4.0-6.3.3",
"NIS2-Art21-patch-management",
"NIST-800-53-SC-8",
"CIS-Controls-v8-Control7"
],
"rfc_refs": [
"RFC-4301",
"RFC-4303",
"RFC-7296"
],
"last_t
--- package/package.json (excerpt) ---
{
"name": "@blamejs/exceptd-skills",
"version": "0.16.25",
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
"keywords": [
"ai-security",
"ai-skills",
"atlas",
"att-ck",
"attestation",
"compliance",
"csaf-2.0",
"cve",
"cwe",
"d3fend",
"ed25519",
"framework-gap",
"grc",
"kev",
"llm-security",
"mcp",
"nist",
"nvd",
"openvex",
"prompt-injection",
"provenance",
"rwep",
"sarif",
"security-research",
"skills",
"supply-chain",
"threat-intelligence",
"threat-modeling"
],
"homepage": "https://exceptd.com",
"repository": {
"type": "git",
"url": "git+https://github.com/blamejs/exceptd-skills.git"
},
"bugs": {
"url": "https://github.com/blamejs/exceptd-skills/issues"
},
"license": "Apache-2.0",
"author": "blamejs contributors",
"engines": {
"node": ">=22.11.0"
},
"bin": {
"exceptd": "bin/exceptd.js"
},
"main": "orchestrator/index.js",
"files": [
"bin/",
"lib/",
"orchestrator/",
"scripts/",
"sources/validators/",
"vendor/",
"agents/",
"data/",
"skills/",
"keys/public.pem",