diff --git a/.github/skills/security/owasp-infrastructure/SKILL.md b/.github/skills/security/owasp-infrastructure/SKILL.md index 19dcf1702..f7f82f372 100644 --- a/.github/skills/security/owasp-infrastructure/SKILL.md +++ b/.github/skills/security/owasp-infrastructure/SKILL.md @@ -12,7 +12,7 @@ metadata: content_based_on: "https://owasp.org/www-project-top-10-infrastructure-security-risks/" --- -# OWASP Infrastructure Top 10 — Skill Entry +# OWASP® Infrastructure Top 10 — Skill Entry This `SKILL.md` is the **entrypoint** for the OWASP Infrastructure Top 10 skill. @@ -41,6 +41,17 @@ infrastructure security risks. * `00-vulnerability-index.md` — index of all vulnerability identifiers, categories, and cross-references. * `01` through `10` — one document per vulnerability aligned with OWASP Infrastructure Security numbering. +## Third-Party Attribution + +Copyright © OWASP Foundation. +OWASP® Top 10 Infrastructure Security Risks (2024) content is derived from works by the +OWASP Foundation, licensed under CC BY-SA 4.0 +(). +Source: +Modifications: Vulnerability descriptions restructured into agent-consumable reference +documents with added detection and remediation guidance. +OWASP® is a registered trademark of the OWASP Foundation. Use does not imply endorsement. + --- *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-infrastructure/references/00-vulnerability-index.md b/.github/skills/security/owasp-infrastructure/references/00-vulnerability-index.md index 35f400c51..c3240a09e 100644 --- a/.github/skills/security/owasp-infrastructure/references/00-vulnerability-index.md +++ b/.github/skills/security/owasp-infrastructure/references/00-vulnerability-index.md 
@@ -73,4 +73,9 @@ Each vulnerability document follows a consistent structure: --- +Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-infrastructure/references/01-outdated-software.md b/.github/skills/security/owasp-infrastructure/references/01-outdated-software.md index fb05436ad..d1369ff35 100644 --- a/.github/skills/security/owasp-infrastructure/references/01-outdated-software.md +++ b/.github/skills/security/owasp-infrastructure/references/01-outdated-software.md @@ -83,4 +83,9 @@ plans, selling them to competitors. --- +Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-infrastructure/references/02-insufficient-threat-detection.md b/.github/skills/security/owasp-infrastructure/references/02-insufficient-threat-detection.md index 9f7eb59eb..9fceb4201 100644 --- a/.github/skills/security/owasp-infrastructure/references/02-insufficient-threat-detection.md +++ b/.github/skills/security/owasp-infrastructure/references/02-insufficient-threat-detection.md 
@@ -92,4 +92,9 @@ The exfiltrated data and files are later sold to competitors. --- +Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-infrastructure/references/03-insecure-configurations.md b/.github/skills/security/owasp-infrastructure/references/03-insecure-configurations.md index 83f8eb499..17f93ea6d 100644 --- a/.github/skills/security/owasp-infrastructure/references/03-insecure-configurations.md +++ b/.github/skills/security/owasp-infrastructure/references/03-insecure-configurations.md @@ -80,4 +80,9 @@ potentially endangering patient care. --- +Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-infrastructure/references/04-insecure-resource-user-management.md b/.github/skills/security/owasp-infrastructure/references/04-insecure-resource-user-management.md index 1f96a70a2..10f377eb0 100644 --- a/.github/skills/security/owasp-infrastructure/references/04-insecure-resource-user-management.md +++ b/.github/skills/security/owasp-infrastructure/references/04-insecure-resource-user-management.md 
@@ -96,4 +96,9 @@ The weak password and lack of resource management enabled unauthorized access an --- +Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-infrastructure/references/05-insecure-use-of-cryptography.md b/.github/skills/security/owasp-infrastructure/references/05-insecure-use-of-cryptography.md index 393441009..95aca36da 100644 --- a/.github/skills/security/owasp-infrastructure/references/05-insecure-use-of-cryptography.md +++ b/.github/skills/security/owasp-infrastructure/references/05-insecure-use-of-cryptography.md @@ -95,4 +95,9 @@ Customers unknowingly transfer money to the attacker. --- +Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-infrastructure/references/06-insecure-network-access-management.md b/.github/skills/security/owasp-infrastructure/references/06-insecure-network-access-management.md index 096ba8452..98b6d37f5 100644 --- a/.github/skills/security/owasp-infrastructure/references/06-insecure-network-access-management.md +++ b/.github/skills/security/owasp-infrastructure/references/06-insecure-network-access-management.md 
@@ -94,4 +94,9 @@ pivot point into the internal network for additional attacks. --- +Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-infrastructure/references/07-insecure-authentication-default-credentials.md b/.github/skills/security/owasp-infrastructure/references/07-insecure-authentication-default-credentials.md index d095a43c1..82f6607fb 100644 --- a/.github/skills/security/owasp-infrastructure/references/07-insecure-authentication-default-credentials.md +++ b/.github/skills/security/owasp-infrastructure/references/07-insecure-authentication-default-credentials.md @@ -79,4 +79,9 @@ login attempts, and promote password best practices among users. --- +Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-infrastructure/references/08-information-leakage.md b/.github/skills/security/owasp-infrastructure/references/08-information-leakage.md index 39c925a52..52d3a518e 100644 --- a/.github/skills/security/owasp-infrastructure/references/08-information-leakage.md +++ b/.github/skills/security/owasp-infrastructure/references/08-information-leakage.md 
@@ -82,4 +82,9 @@ financial, legal, and reputational damage. --- +Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-infrastructure/references/09-insecure-access-resources-management-components.md b/.github/skills/security/owasp-infrastructure/references/09-insecure-access-resources-management-components.md index aed81d620..9d0d31847 100644 --- a/.github/skills/security/owasp-infrastructure/references/09-insecure-access-resources-management-components.md +++ b/.github/skills/security/owasp-infrastructure/references/09-insecure-access-resources-management-components.md @@ -89,4 +89,9 @@ management traffic, and implement regular monitoring and logging of network devi --- +Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-infrastructure/references/10-insufficient-asset-management-documentation.md b/.github/skills/security/owasp-infrastructure/references/10-insufficient-asset-management-documentation.md index 817c2bb20..aa120e4d0 100644 --- a/.github/skills/security/owasp-infrastructure/references/10-insufficient-asset-management-documentation.md +++ b/.github/skills/security/owasp-infrastructure/references/10-insufficient-asset-management-documentation.md 
@@ -91,4 +91,9 @@ Damaged systems are rebuilt without extended disruption. --- +Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-mcp/SKILL.md b/.github/skills/security/owasp-mcp/SKILL.md index 7439e82d5..57478315a 100644 --- a/.github/skills/security/owasp-mcp/SKILL.md +++ b/.github/skills/security/owasp-mcp/SKILL.md @@ -1,7 +1,7 @@ --- name: owasp-mcp -description: OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core. -license: CC-BY-SA-4.0 +description: OWASP MCP Top 10 (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core. +license: CC-BY-NC-SA-4.0 user-invocable: false metadata: authors: "OWASP MCP Top 10 Project" @@ -12,7 +12,7 @@ metadata: content_based_on: "https://owasp.org/www-project-mcp-top-10/" --- -# OWASP MCP Top 10 — Skill Entry +# OWASP® MCP Top 10 — Skill Entry This `SKILL.md` is the **entrypoint** for the MCP Vulnerabilities skill. 
@@ -40,6 +40,17 @@ that an agent can query to identify, assess, and remediate MCP security risks. - `00-vulnerability-index.md` — index of all vulnerability identifiers, severities, and cross-references. - `01` through `10` — one document per vulnerability aligned with OWASP MCP numbering. +## Third-Party Attribution + +Copyright © OWASP Foundation. +OWASP® MCP Top 10 (2025) content is derived from works by the +OWASP Foundation, licensed under CC BY-NC-SA 4.0 +(). +Source: +Modifications: Vulnerability descriptions restructured into agent-consumable reference +documents with added detection and remediation guidance. +OWASP® is a registered trademark of the OWASP Foundation. Use does not imply endorsement. + --- *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-mcp/references/00-vulnerability-index.md b/.github/skills/security/owasp-mcp/references/00-vulnerability-index.md index cec3cc2f0..97ad84d42 100644 --- a/.github/skills/security/owasp-mcp/references/00-vulnerability-index.md +++ b/.github/skills/security/owasp-mcp/references/00-vulnerability-index.md @@ -70,5 +70,10 @@ Each vulnerability document follows a consistent structure: --- +Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-mcp/references/01-token-mismanagement-secret-exposure.md b/.github/skills/security/owasp-mcp/references/01-token-mismanagement-secret-exposure.md index 42a47c02b..44962a429 100644 --- a/.github/skills/security/owasp-mcp/references/01-token-mismanagement-secret-exposure.md 
+++ b/.github/skills/security/owasp-mcp/references/01-token-mismanagement-secret-exposure.md @@ -85,4 +85,9 @@ The model complies in a later unrelated session, leaking tokens. --- +Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-mcp/references/02-privilege-escalation-scope-creep.md b/.github/skills/security/owasp-mcp/references/02-privilege-escalation-scope-creep.md index 61fbdc079..af6e2ff29 100644 --- a/.github/skills/security/owasp-mcp/references/02-privilege-escalation-scope-creep.md +++ b/.github/skills/security/owasp-mcp/references/02-privilege-escalation-scope-creep.md @@ -84,4 +84,9 @@ include org:admin, enabling full takeover. --- +Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-mcp/references/03-tool-poisoning.md b/.github/skills/security/owasp-mcp/references/03-tool-poisoning.md index ec7b15575..46341226e 100644 --- a/.github/skills/security/owasp-mcp/references/03-tool-poisoning.md +++ b/.github/skills/security/owasp-mcp/references/03-tool-poisoning.md 
@@ -87,4 +87,9 @@ benign requests become destructive. --- +Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-mcp/references/04-supply-chain-attacks-dependency-tampering.md b/.github/skills/security/owasp-mcp/references/04-supply-chain-attacks-dependency-tampering.md index a89ad4755..7ef200c7b 100644 --- a/.github/skills/security/owasp-mcp/references/04-supply-chain-attacks-dependency-tampering.md +++ b/.github/skills/security/owasp-mcp/references/04-supply-chain-attacks-dependency-tampering.md @@ -93,4 +93,9 @@ methods that call destructive APIs. --- +Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-mcp/references/05-command-injection-execution.md b/.github/skills/security/owasp-mcp/references/05-command-injection-execution.md index 00d71fe73..29566b2ba 100644 --- a/.github/skills/security/owasp-mcp/references/05-command-injection-execution.md +++ b/.github/skills/security/owasp-mcp/references/05-command-injection-execution.md 
@@ -90,4 +90,9 @@ The agent constructs an unparameterized query and the injection destroys the dat --- +Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-mcp/references/06-prompt-injection-contextual-payloads.md b/.github/skills/security/owasp-mcp/references/06-prompt-injection-contextual-payloads.md index 3db2db542..e1078b806 100644 --- a/.github/skills/security/owasp-mcp/references/06-prompt-injection-contextual-payloads.md +++ b/.github/skills/security/owasp-mcp/references/06-prompt-injection-contextual-payloads.md @@ -79,4 +79,9 @@ When retrieved, it contains hidden instructions to reveal the system prompt or A --- +Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-mcp/references/07-insufficient-authentication-authorization.md b/.github/skills/security/owasp-mcp/references/07-insufficient-authentication-authorization.md index 47a83b972..65894dfcd 100644 --- a/.github/skills/security/owasp-mcp/references/07-insufficient-authentication-authorization.md +++ b/.github/skills/security/owasp-mcp/references/07-insufficient-authentication-authorization.md 
@@ -92,4 +92,9 @@ privileged functions intended only for admins. --- +Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-mcp/references/08-lack-of-audit-telemetry.md b/.github/skills/security/owasp-mcp/references/08-lack-of-audit-telemetry.md index 44322aa1b..b5e6efa9d 100644 --- a/.github/skills/security/owasp-mcp/references/08-lack-of-audit-telemetry.md +++ b/.github/skills/security/owasp-mcp/references/08-lack-of-audit-telemetry.md @@ -91,4 +91,9 @@ Without telemetry and baselines, changes go unnoticed until a manual audit month --- +Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-mcp/references/09-shadow-mcp-servers.md b/.github/skills/security/owasp-mcp/references/09-shadow-mcp-servers.md index 005170b71..6c2b56b9b 100644 --- a/.github/skills/security/owasp-mcp/references/09-shadow-mcp-servers.md +++ b/.github/skills/security/owasp-mcp/references/09-shadow-mcp-servers.md 
@@ -91,4 +91,9 @@ Manipulated entries propagate into model retraining pipelines, corrupting produc --- +Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/.github/skills/security/owasp-mcp/references/10-context-injection-over-sharing.md b/.github/skills/security/owasp-mcp/references/10-context-injection-over-sharing.md index 27ff9b497..04e49c573 100644 --- a/.github/skills/security/owasp-mcp/references/10-context-injection-over-sharing.md +++ b/.github/skills/security/owasp-mcp/references/10-context-injection-over-sharing.md @@ -83,4 +83,9 @@ Tenant A's internal documents appear in Tenant B's retrieval outputs. --- +Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0 +(). +Modifications: Restructured into agent-consumable reference format with added +detection and remediation guidance. + *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.* diff --git a/README.md b/README.md index bc0301f0a..8975a2ee5 100644 --- a/README.md +++ b/README.md 
@@ -105,8 +105,9 @@ This project is licensed under the [MIT License](./LICENSE). ### Licensing Most content in this repository is covered by the MIT License. Certain skill content -derived from OWASP Foundation publications is licensed under -[CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/). Each affected +derived from OWASP Foundation publications is licensed under either +[CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/) or +[CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Each affected skill identifies its license in frontmatter and includes a Third-Party Attribution section. See [THIRD-PARTY-NOTICES](./THIRD-PARTY-NOTICES) for full details. diff --git a/THIRD-PARTY-NOTICES b/THIRD-PARTY-NOTICES index 353053219..c13c20808 100644 --- a/THIRD-PARTY-NOTICES +++ b/THIRD-PARTY-NOTICES @@ -6,10 +6,11 @@ individual files. --- -OWASP Top 10 (2025), OWASP Top 10 for LLM Applications (2025), and OWASP Top 10 for Agentic Applications (2026) +OWASP Top 10 Infrastructure Security Risks (2024), OWASP Top 10 (2025), OWASP Top 10 for LLM Applications (2025), and OWASP Top 10 for Agentic Applications (2026) Copyright: © OWASP Foundation License: Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) License URI: https://creativecommons.org/licenses/by-sa/4.0/ +Source: https://owasp.org/www-project-top-10-infrastructure-security-risks/ Source: https://owasp.org/Top10/2025/ Source: https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/ Source: https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/ 
@@ -20,6 +21,18 @@ OWASP® is a registered trademark of the OWASP Foundation. --- +OWASP MCP Top 10 (2025) +Copyright: © OWASP Foundation +License: Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) +License URI: https://creativecommons.org/licenses/by-nc-sa/4.0/ +Source: https://owasp.org/www-project-mcp-top-10/ +Usage: Category names, IDs, and condensed descriptions in security instruction files. +Vulnerability reference documents in skill files restructured into agent-consumable +format with added detection and remediation guidance. +OWASP® is a registered trademark of the OWASP Foundation. + +--- + NIST SP 800-53 Rev. 5 and NIST AI RMF 1.0 License: Public Domain (17 U.S.C. § 105 — U.S. Government Work) Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final @@ -82,3 +95,4 @@ Usage: Minimum element names referenced in supply chain security instruction fil OpenSSF® is a registered trademark of the Linux Foundation. OWASP® is a registered trademark of the OWASP Foundation. +
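Review bot: In the new `## Third-Party Attribution` section of `owasp-infrastructure/SKILL.md`, the license line ends in an empty `()` and the `Source:` line carries no value as shown here, so the attribution names a license and a source without linking either. Write both as plain URLs, the way `THIRD-PARTY-NOTICES` does with `License URI: https://creativecommons.org/licenses/by-sa/4.0/` and `Source: https://owasp.org/www-project-top-10-infrastructure-security-risks/`, so the section is complete when the file is read on its own. The same applies to the matching section added to `owasp-mcp/SKILL.md`.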
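Review bot: The four-line footer added to each `references/00` through `references/10` file in both skills has the same empty `()` after the license name and gives neither a source URL nor the name of the OWASP work it derives from. These reference files are loaded individually, so a reader of one file cannot tell from the footer which publication it was adapted from. Either put the license URI and source link in the footer or have it point to the Third-Party Attribution section of the skill's `SKILL.md`. Since the identical block is pasted into 22 files, a note on how it is kept in sync (template or lint check) would also help.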
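Review bot: The frontmatter change in `owasp-mcp/SKILL.md` from `license: CC-BY-SA-4.0` to `license: CC-BY-NC-SA-4.0` adds a NonCommercial restriction, but the README Licensing hunk only says OWASP-derived content is under "either" CC BY-SA 4.0 "or" CC BY-NC-SA 4.0 without saying which skill carries which. Name `owasp-mcp` as the NC-licensed skill in that README paragraph so anyone redistributing the skills sees the restriction without opening each frontmatter. It is also worth stating in the change description that the previous `CC-BY-SA-4.0` value was a correction target, since downstream copies made under the old value may need updating.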
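Review bot: The final hunk of `THIRD-PARTY-NOTICES` (`@@ -82,3 +95,4 @@`) adds only an empty line after the closing "OWASP® is a registered trademark of the OWASP Foundation." sentence. Drop it unless it is intentional; it leaves a trailing blank line at end of file and adds noise to an otherwise content-only change.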