feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills

Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.

All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)

skills/analyzing-powershell-script-block-logging/SKILL.md

@@ -1,16 +1,23 @@
 ---
 name: analyzing-powershell-script-block-logging
-description: >-
-  Parse Windows PowerShell Script Block Logs (Event ID 4104) from EVTX files to detect obfuscated
-  commands, encoded payloads, and living-off-the-land techniques. Uses python-evtx to extract and
-  reconstruct multi-block scripts, applies entropy analysis and pattern matching for Base64-encoded
-  commands, Invoke-Expression abuse, download cradles, and AMSI bypass attempts.
+description: Parse Windows PowerShell Script Block Logs (Event ID 4104) from EVTX files to detect obfuscated commands, encoded
+  payloads, and living-off-the-land techniques. Uses python-evtx to extract and reconstruct multi-block scripts, applies entropy
+  analysis and pattern matching for Base64-encoded commands, Invoke-Expression abuse, download cradles, and AMSI bypass attempts.
 domain: cybersecurity
 subdomain: security-operations
-tags: [analyzing, powershell, script, block]
-version: "1.0"
+tags:
+- analyzing
+- powershell
+- script
+- block
+version: '1.0'
 author: mahipal
 license: Apache-2.0
+nist_csf:
+- DE.CM-01
+- RS.MA-01
+- GV.OV-01
+- DE.AE-02
 ---