feat: add data-breach-blast-radius skill for pre-breach impact analysis

[sjiyani]

Description

Adds a new \data-breach-blast-radius\ skill that performs pre-breach impact analysis on any codebase — a gap not covered by any of the existing 308 skills.

The skill inventories sensitive data (PII, PHI, PCI-DSS, credentials), traces data flows, scores exposure vectors, and produces a regulatory blast radius report with actionable hardening steps.

What makes this unique:

• Quantifies business and regulatory impact, not just vulnerability detection
• All regulatory fine formulas sourced verbatim from primary law (GDPR Art. 83, CCPA § 1798.155(a), HIPAA 45 CFR § 160.404)
• Every citation mapped to a verifiable public URL in
  eferences/SOURCES.md\
• Explicit distinction between law-sourced figures (exact) vs. heuristic estimates (planning only)
• Financial benchmarks from IBM Cost of a Data Breach Report with annual update advisory
• Renders data flow map as a visual Mermaid diagram via
  enderMermaidDiagram\
• Covers 7 jurisdictions: GDPR, CCPA, HIPAA, LGPD, PDPA (Singapore/Thailand/Malaysia/Philippines)

Files

• \skills/data-breach-blast-radius/SKILL.md\ — 7-step workflow
• 
  eferences/data-classification.md\ — T1–T5 sensitivity taxonomy with regex patterns
• 
  eferences/blast-radius-calculator.md\ — scoring formula and population estimators
• 
  eferences/regulatory-impact.md\ — fine formulas, notification timelines, jurisdiction detection
• 
  eferences/hardening-playbook.md\ — P0–P3 prioritized controls with multi-stack code examples
• 
  eferences/report-format.md\ — full report template with Mermaid diagram syntax
• 
  eferences/SOURCES.md\ — every number mapped to a primary source URL

Type of Contribution

• New skill file.

PR Checklist

• I have read and followed the CONTRIBUTING.md guidelines.
• I have read and followed the Guidance for submissions involving paid services.
• My contribution adds a new skill file in the correct directory.
• The file follows the required naming convention.
• The content is clearly structured and follows the example format.
• I have tested my instructions with GitHub Copilot.
• I have run
  pm start\ and verified that README.md is up to date.
• I am targeting the \staged\ branch for this pull request.

[github-actions]

🔍 Skill Validator Results

⚠️ Warnings or advisories found

Scope	Checked
Skills	1
Agents	1
Total	2
Severity	Count
---	---:
❌ Errors	0
⚠️ Warnings	1
ℹ️ Advisories	0

Summary

Level	Finding
ℹ️	Found 1 skill(s)
ℹ️	[data-breach-blast-radius] 📊 data-breach-blast-radius: 3,249 BPE tokens [chars/4: 3,551] (standard ~), 14 sections, 3 code blocks
ℹ️	[data-breach-blast-radius] ⚠ Skill is 3,249 BPE tokens (chars/4 estimate: 3,551) — approaching "comprehensive" range where gains diminish.
ℹ️	✅ All checks passed (1 skill(s))

Full validator output

```text Found 1 skill(s) [data-breach-blast-radius] 📊 data-breach-blast-radius: 3,249 BPE tokens [chars/4: 3,551] (standard ~), 14 sections, 3 code blocks [data-breach-blast-radius] ⚠ Skill is 3,249 BPE tokens (chars/4 estimate: 3,551) — approaching "comprehensive" range where gains diminish. ✅ All checks passed (1 skill(s)) ```

[sjiyani]

@all-contributors add @sjiyani for skill

[allcontributors]

@sjiyani

I couldn't determine any contributions to add, did you specify any contributions?
Please make sure to use valid contribution names.

[sjiyani]

@all-contributors add @sjiyani for content

[sjiyani]

@all-contributors add @sjiyani for doc

[allcontributors]

@sjiyani

I've put up a pull request to add @sjiyani! 🎉