msaad00/agent-bom

v0.60.1 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

✓ No known CVEs patched

Topics

ai-agents, ai-security, ai-supply-chain, aibom, blast-radius, cloud-security, compliance, container-security, cyclonedx, security, kubernetes, llm-security, mcp, mcp-server, owasp, sarif, sbom, security-scanner, supply-chain-security, vulnerability-scanning

Summary

AI summary

Removed _meta.tools from mcp-registry server.json.

Full changelog

What's Changed

  • feat: ResponseInspector — cloaking, SVG, invisible char detection (#241) by @msaad00 in https://github.com/msaad00/agent-bom/pull/284
  • fix: reduce SKILL.md surface area for OpenClaw trust score by @msaad00 in https://github.com/msaad00/agent-bom/pull/285
  • refactor: split OpenClaw SKILL.md into 4 focused skills by @msaad00 in https://github.com/msaad00/agent-bom/pull/287
  • feat: ARCHITECTURE.md + expand SAST CWE map (10 → 52) by @msaad00 in https://github.com/msaad00/agent-bom/pull/303
  • feat: MITRE ATT&CK mapping + Azure/GCP CIS benchmarks + ML model provenance by @msaad00 in https://github.com/msaad00/agent-bom/pull/308
  • feat: MAESTRO layer tagging + vector DB scanning + AISVS v1.0 compliance by @msaad00 in https://github.com/msaad00/agent-bom/pull/312
  • chore: pin docs.yml action versions to SHAs by @msaad00 in https://github.com/msaad00/agent-bom/pull/313
  • fix: improve OpenClaw trust score — accurate credential claims + verification guidance by @msaad00 in https://github.com/msaad00/agent-bom/pull/314
  • refactor: consolidate OpenClaw skills into one comprehensive SKILL.md by @msaad00 in https://github.com/msaad00/agent-bom/pull/315
  • chore: fix stale doc claims before release (20→22 tools, 6100→3400 tests) by @msaad00 in https://github.com/msaad00/agent-bom/pull/316
  • feat: ClusterFuzzLite integration + README accuracy fixes by @msaad00 in https://github.com/msaad00/agent-bom/pull/317
  • feat: add OpenSSF Best Practices passing badge (100%) by @msaad00 in https://github.com/msaad00/agent-bom/pull/318
  • chore: bump version to v0.60.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/319
  • fix: remove _meta.tools from mcp-registry server.json by @msaad00 in https://github.com/msaad00/agent-bom/pull/320
  • feat: cache poisoning + cross-agent injection detection by @msaad00 in https://github.com/msaad00/agent-bom/pull/321
  • feat: cross-agent lateral movement visualization in attack flow by @msaad00 in https://github.com/msaad00/agent-bom/pull/322
  • feat: Databricks Security Best Practices checks by @msaad00 in https://github.com/msaad00/agent-bom/pull/324
  • chore: codebase audit fixes + AUDIT.md by @msaad00 in https://github.com/msaad00/agent-bom/pull/325
  • fix: wire VectorDBInjectionDetector into proxy + runtime audit by @msaad00 in https://github.com/msaad00/agent-bom/pull/326
  • fix: avoid duplicate injection alerts for non-vector tools in proxy by @msaad00 in https://github.com/msaad00/agent-bom/pull/327
  • chore: final audit pass — accuracy, SVGs, CLI parity by @msaad00 in https://github.com/msaad00/agent-bom/pull/328
  • fix: O1 NVIDIA bundling coverage, O2 ecosystem fixtures, O5 guard docs by @msaad00 in https://github.com/msaad00/agent-bom/pull/329
  • chore: make analytics — adoption metrics snapshot (PyPI + GitHub traffic) by @msaad00 in https://github.com/msaad00/agent-bom/pull/333
  • fix: CLI quality — OSV vuln enrichment, --version, first-run UX, error handler by @msaad00 in https://github.com/msaad00/agent-bom/pull/334
  • fix: P0 — ecosystem case normalization, OSV detail enrichment, zero test failures by @msaad00 in https://github.com/msaad00/agent-bom/pull/335
  • chore: bump version to v0.60.1 by @msaad00 in https://github.com/msaad00/agent-bom/pull/336

Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.59.3...v0.60.1

Breaking Changes

  • Removed _meta.tools from mcp-registry server.json

About msaad00/agent-bom

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.
