Skill v1.0.0

version: "1.0.0" name: ingest-cwe-taxonomies description: > Ingest the official MITRE CWE database and generate per-domain security audit taxonomies for PromptKit. Use this skill when the user wants to update CWE taxonomies, ingest a new CWE version, or regenerate domain mappings from the CWE corpus.

<!-- Generated by PromptKit — edit with care -->

You must read and execute the prompt file at .github/prompts/ingest-cwe-taxonomies.prompt.md. Treat it as the complete, self-contained instruction set for the CWE ingestion pipeline.

Inputs

• CWE source: A local path to a CWE XML file, or latest to download

the current release from https://cwe.mitre.org/data/xml/cwec_latest.xml.zip.

• Any overrides to the domain registry or mapping rules the user specifies.

Output

• Per-domain taxonomy files at taxonomies/cwe-<domain>.md (13 domains)
• Normalized CWE data at data/cwe/<version>/
• Updated manifest.yaml with new taxonomy entries
• Reusable ingestion script at scripts/ingest-cwe.py
• Diff report if a previous CWE version exists

Workflow

1. Read .github/prompts/ingest-cwe-taxonomies.prompt.md before doing

anything else.

1. Ask the user for the CWE source (path or latest).
2. Follow all six phases defined in the prompt file: Acquisition,

Normalization, Domain Mapping, Taxonomy Generation, Integration, and Verification.

1. Do NOT skip the sanity checks in Phase 6.