people-breach-intellisted

# People, Breach & Intelligence > Sub-skill of `offensive-osint`. Load `osint-methodology` for pipeline and triage context. > Authorized targets only. Never paste PII or credentials into cloud LLMs. --- ## BEHAVIORAL CONTRACT **When triggered:** Breach lookups, username/email investigation, HudsonRock/HIBP/DeHashed queries, email-pattern inference, email harvesting, Slack/Discord discovery, or package registry leak hunting is needed. **Execute:** 1. Run HudsonRock Cavalier domain lookup (§1) as the first call — highest ROI for external engagements. 2. Cross-reference with HIBP and DeHashed for domain-level breach scope. 3. Apply domain-level breach severity mapping (§1): >=10 employees = CRITICAL, 1-9 = HIGH, >=1 end-user = MEDIUM, 0 named = INFO. 4. If SSO tenants discovered (from `identity-fabric`), intersect with breach corpus for SSO_EXPOSURE findings (§1). 5. For each CVE surfaced, apply the 9-Signal Scoring Rubric (§4.1) to assign a priority tier (P0-P3). 6. For known employee names: derive candidate emails using the 8-pattern template (§2), then harvest from 6 parallel sources (§3). 7. Run Slack/Discord workspace discovery dorks (§6). 8. For package registry targets: run historical-version secret scan workflow (§7). 9. For each finding, emit per `osint-methodology` §3 schema. **Output:** Breach findings, SSO_EXPOSURE findings, person assets with derived emails, email-harvest results — all per `osint-methodology` §3 finding schema. **Severity rules:** §1 domain-l