microsoft · JasonTheDeveloper · Apr 10, 2026 · Apr 10, 2026 · Apr 10, 2026 · Apr 10, 2026
@@ -12,7 +12,7 @@ metadata:
   content_based_on: "https://owasp.org/www-project-top-10-infrastructure-security-risks/"
 ---
 
-# OWASP Infrastructure Top 10 — Skill Entry
+# OWASP® Infrastructure Top 10 — Skill Entry
 
 This `SKILL.md` is the **entrypoint** for the OWASP Infrastructure Top 10 skill.
 
@@ -41,6 +41,17 @@ infrastructure security risks.
   * `00-vulnerability-index.md` — index of all vulnerability identifiers, categories, and cross-references.
   * `01` through `10` — one document per vulnerability aligned with OWASP Infrastructure Security numbering.
 
+## Third-Party Attribution
+
+Copyright © OWASP Foundation.
+OWASP® Top 10 Infrastructure Security Risks (2024) content is derived from works by the
+OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Source: <https://owasp.org/www-project-top-10-infrastructure-security-risks/>
+Modifications: Vulnerability descriptions restructured into agent-consumable reference
+documents with added detection and remediation guidance.
+OWASP® is a registered trademark of the OWASP Foundation. Use does not imply endorsement.
+
 ---
 
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -73,4 +73,9 @@ Each vulnerability document follows a consistent structure:
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -83,4 +83,9 @@ plans, selling them to competitors.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -92,4 +92,9 @@ The exfiltrated data and files are later sold to competitors.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -80,4 +80,9 @@ potentially endangering patient care.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -96,4 +96,9 @@ The weak password and lack of resource management enabled unauthorized access an
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -95,4 +95,9 @@ Customers unknowingly transfer money to the attacker.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -94,4 +94,9 @@ pivot point into the internal network for additional attacks.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -79,4 +79,9 @@ login attempts, and promote password best practices among users.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -82,4 +82,9 @@ financial, legal, and reputational damage.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -89,4 +89,9 @@ management traffic, and implement regular monitoring and logging of network devi
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -91,4 +91,9 @@ Damaged systems are rebuilt without extended disruption.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -1,7 +1,7 @@
 ---
 name: owasp-mcp
-description: OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core.
-license: CC-BY-SA-4.0
+description: OWASP MCP Top 10 (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core.
+license: CC-BY-NC-SA-4.0
 user-invocable: false
 metadata:
   authors: "OWASP MCP Top 10 Project"
@@ -12,7 +12,7 @@ metadata:
   content_based_on: "https://owasp.org/www-project-mcp-top-10/"
 ---
 
-# OWASP MCP Top 10 — Skill Entry
+# OWASP® MCP Top 10 — Skill Entry
 
 This `SKILL.md` is the **entrypoint** for the MCP Vulnerabilities skill.
 
@@ -40,6 +40,17 @@ that an agent can query to identify, assess, and remediate MCP security risks.
   - `00-vulnerability-index.md` — index of all vulnerability identifiers, severities, and cross-references.
   - `01` through `10` — one document per vulnerability aligned with OWASP MCP numbering.
 
+## Third-Party Attribution
+
+Copyright © OWASP Foundation.
+OWASP® MCP Top 10 (2025) content is derived from works by the
+OWASP Foundation, licensed under CC BY-NC-SA 4.0
+(<https://creativecommons.org/licenses/by-nc-sa/4.0/>).
+Source: <https://owasp.org/www-project-mcp-top-10/>
+Modifications: Vulnerability descriptions restructured into agent-consumable reference
+documents with added detection and remediation guidance.
+OWASP® is a registered trademark of the OWASP Foundation. Use does not imply endorsement.
+
 ---
 
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -70,5 +70,10 @@ Each vulnerability document follows a consistent structure:
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0
+(<https://creativecommons.org/licenses/by-nc-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
 
@@ -85,4 +85,9 @@ The model complies in a later unrelated session, leaking tokens.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0
+(<https://creativecommons.org/licenses/by-nc-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -84,4 +84,9 @@ include org:admin, enabling full takeover.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0
+(<https://creativecommons.org/licenses/by-nc-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -87,4 +87,9 @@ benign requests become destructive.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0
+(<https://creativecommons.org/licenses/by-nc-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -93,4 +93,9 @@ methods that call destructive APIs.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0
+(<https://creativecommons.org/licenses/by-nc-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -90,4 +90,9 @@ The agent constructs an unparameterized query and the injection destroys the dat
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0
+(<https://creativecommons.org/licenses/by-nc-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -79,4 +79,9 @@ When retrieved, it contains hidden instructions to reveal the system prompt or A
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0
+(<https://creativecommons.org/licenses/by-nc-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -92,4 +92,9 @@ privileged functions intended only for admins.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0
+(<https://creativecommons.org/licenses/by-nc-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -91,4 +91,9 @@ Without telemetry and baselines, changes go unnoticed until a manual audit month
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0
+(<https://creativecommons.org/licenses/by-nc-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -91,4 +91,9 @@ Manipulated entries propagate into model retraining pipelines, corrupting produc
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0
+(<https://creativecommons.org/licenses/by-nc-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -83,4 +83,9 @@ Tenant A's internal documents appear in Tenant B's retrieval outputs.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-NC-SA 4.0
+(<https://creativecommons.org/licenses/by-nc-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -105,8 +105,9 @@ This project is licensed under the [MIT License](./LICENSE).
 ### Licensing
 
 Most content in this repository is covered by the MIT License. Certain skill content
-derived from OWASP Foundation publications is licensed under
-[CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/). Each affected
+derived from OWASP Foundation publications is licensed under either
+[CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/) or
+[CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Each affected
 skill identifies its license in frontmatter and includes a Third-Party Attribution
 section. See [THIRD-PARTY-NOTICES](./THIRD-PARTY-NOTICES) for full details.
 

@@ -6,10 +6,11 @@ individual files.
 
 ---
 
-OWASP Top 10 (2025), OWASP Top 10 for LLM Applications (2025), and OWASP Top 10 for Agentic Applications (2026)
+OWASP Top 10 Infrastructure Security Risks (2024), OWASP Top 10 (2025), OWASP Top 10 for LLM Applications (2025), and OWASP Top 10 for Agentic Applications (2026)
 Copyright: © OWASP Foundation
 License: Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)
 License URI: https://creativecommons.org/licenses/by-sa/4.0/
+Source: https://owasp.org/www-project-top-10-infrastructure-security-risks/
 Source: https://owasp.org/Top10/2025/
 Source: https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/
 Source: https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/
@@ -20,6 +21,18 @@ OWASP® is a registered trademark of the OWASP Foundation.
 
 ---
 
+OWASP MCP Top 10 (2025)
+Copyright: © OWASP Foundation
+License: Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)
+License URI: https://creativecommons.org/licenses/by-nc-sa/4.0/
+Source: https://owasp.org/www-project-mcp-top-10/
+Usage: Category names, IDs, and condensed descriptions in security instruction files.
+Vulnerability reference documents in skill files restructured into agent-consumable
+format with added detection and remediation guidance.
+OWASP® is a registered trademark of the OWASP Foundation.
+
+---
+
 NIST SP 800-53 Rev. 5 and NIST AI RMF 1.0
 License: Public Domain (17 U.S.C. § 105 — U.S. Government Work)
 Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
@@ -82,3 +95,4 @@ Usage: Minimum element names referenced in supply chain security instruction fil
 
 OpenSSF® is a registered trademark of the Linux Foundation.
 OWASP® is a registered trademark of the OWASP Foundation.
+