IMHO these type of projects are not tools per-se but methodologies. I think this is a better framing since that's exactly what they are - a bunch of markdown files that describe in general terms how to perform an assessment aligned to some principles.

Btw, these type of methodologies are used all the time. Practically every security consultancy has them so adding them to an LLM makes a lot of sense.