diff --git a/.github/skills/security/owasp-infrastructure/SKILL.md b/.github/skills/security/owasp-infrastructure/SKILL.md
index 19dcf1702..7ee371a49 100644
--- a/.github/skills/security/owasp-infrastructure/SKILL.md
+++ b/.github/skills/security/owasp-infrastructure/SKILL.md
@@ -12,11 +12,11 @@ metadata:
content_based_on: "https://owasp.org/www-project-top-10-infrastructure-security-risks/"
---
-# OWASP Infrastructure Top 10 — Skill Entry
+# OWASP® Infrastructure Top 10 — Skill Entry
This `SKILL.md` is the **entrypoint** for the OWASP Infrastructure Top 10 skill.
-The skill encodes the **OWASP Infrastructure Security Top 10 (2024)** as structured,
+The skill encodes the **OWASP® Infrastructure Security Top 10 (2024)** as structured,
machine-readable references that an agent can query to identify, assess, and remediate
infrastructure security risks.
@@ -41,6 +41,17 @@ infrastructure security risks.
* `00-vulnerability-index.md` — index of all vulnerability identifiers, categories, and cross-references.
* `01` through `10` — one document per vulnerability aligned with OWASP Infrastructure Security numbering.
+## Third-Party Attribution
+
+Copyright © OWASP Foundation.
+OWASP® Infrastructure Security Top 10 (2024) content is derived from works by the
+OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Source:
+Modifications: Vulnerability descriptions restructured into agent-consumable reference
+documents with added detection and remediation guidance.
+OWASP® is a registered trademark of the OWASP Foundation. Use does not imply endorsement.
+
---
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-infrastructure/references/00-vulnerability-index.md b/.github/skills/security/owasp-infrastructure/references/00-vulnerability-index.md
index 35f400c51..c3240a09e 100644
--- a/.github/skills/security/owasp-infrastructure/references/00-vulnerability-index.md
+++ b/.github/skills/security/owasp-infrastructure/references/00-vulnerability-index.md
@@ -73,4 +73,9 @@ Each vulnerability document follows a consistent structure:
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-infrastructure/references/01-outdated-software.md b/.github/skills/security/owasp-infrastructure/references/01-outdated-software.md
index fb05436ad..d1369ff35 100644
--- a/.github/skills/security/owasp-infrastructure/references/01-outdated-software.md
+++ b/.github/skills/security/owasp-infrastructure/references/01-outdated-software.md
@@ -83,4 +83,9 @@ plans, selling them to competitors.
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-infrastructure/references/02-insufficient-threat-detection.md b/.github/skills/security/owasp-infrastructure/references/02-insufficient-threat-detection.md
index 9f7eb59eb..9fceb4201 100644
--- a/.github/skills/security/owasp-infrastructure/references/02-insufficient-threat-detection.md
+++ b/.github/skills/security/owasp-infrastructure/references/02-insufficient-threat-detection.md
@@ -92,4 +92,9 @@ The exfiltrated data and files are later sold to competitors.
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-infrastructure/references/03-insecure-configurations.md b/.github/skills/security/owasp-infrastructure/references/03-insecure-configurations.md
index 83f8eb499..17f93ea6d 100644
--- a/.github/skills/security/owasp-infrastructure/references/03-insecure-configurations.md
+++ b/.github/skills/security/owasp-infrastructure/references/03-insecure-configurations.md
@@ -80,4 +80,9 @@ potentially endangering patient care.
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-infrastructure/references/04-insecure-resource-user-management.md b/.github/skills/security/owasp-infrastructure/references/04-insecure-resource-user-management.md
index 1f96a70a2..10f377eb0 100644
--- a/.github/skills/security/owasp-infrastructure/references/04-insecure-resource-user-management.md
+++ b/.github/skills/security/owasp-infrastructure/references/04-insecure-resource-user-management.md
@@ -96,4 +96,9 @@ The weak password and lack of resource management enabled unauthorized access an
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-infrastructure/references/05-insecure-use-of-cryptography.md b/.github/skills/security/owasp-infrastructure/references/05-insecure-use-of-cryptography.md
index 393441009..95aca36da 100644
--- a/.github/skills/security/owasp-infrastructure/references/05-insecure-use-of-cryptography.md
+++ b/.github/skills/security/owasp-infrastructure/references/05-insecure-use-of-cryptography.md
@@ -95,4 +95,9 @@ Customers unknowingly transfer money to the attacker.
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-infrastructure/references/06-insecure-network-access-management.md b/.github/skills/security/owasp-infrastructure/references/06-insecure-network-access-management.md
index 096ba8452..98b6d37f5 100644
--- a/.github/skills/security/owasp-infrastructure/references/06-insecure-network-access-management.md
+++ b/.github/skills/security/owasp-infrastructure/references/06-insecure-network-access-management.md
@@ -94,4 +94,9 @@ pivot point into the internal network for additional attacks.
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-infrastructure/references/07-insecure-authentication-default-credentials.md b/.github/skills/security/owasp-infrastructure/references/07-insecure-authentication-default-credentials.md
index d095a43c1..82f6607fb 100644
--- a/.github/skills/security/owasp-infrastructure/references/07-insecure-authentication-default-credentials.md
+++ b/.github/skills/security/owasp-infrastructure/references/07-insecure-authentication-default-credentials.md
@@ -79,4 +79,9 @@ login attempts, and promote password best practices among users.
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-infrastructure/references/08-information-leakage.md b/.github/skills/security/owasp-infrastructure/references/08-information-leakage.md
index 39c925a52..52d3a518e 100644
--- a/.github/skills/security/owasp-infrastructure/references/08-information-leakage.md
+++ b/.github/skills/security/owasp-infrastructure/references/08-information-leakage.md
@@ -82,4 +82,9 @@ financial, legal, and reputational damage.
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-infrastructure/references/09-insecure-access-resources-management-components.md b/.github/skills/security/owasp-infrastructure/references/09-insecure-access-resources-management-components.md
index aed81d620..9d0d31847 100644
--- a/.github/skills/security/owasp-infrastructure/references/09-insecure-access-resources-management-components.md
+++ b/.github/skills/security/owasp-infrastructure/references/09-insecure-access-resources-management-components.md
@@ -89,4 +89,9 @@ management traffic, and implement regular monitoring and logging of network devi
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-infrastructure/references/10-insufficient-asset-management-documentation.md b/.github/skills/security/owasp-infrastructure/references/10-insufficient-asset-management-documentation.md
index 817c2bb20..aa120e4d0 100644
--- a/.github/skills/security/owasp-infrastructure/references/10-insufficient-asset-management-documentation.md
+++ b/.github/skills/security/owasp-infrastructure/references/10-insufficient-asset-management-documentation.md
@@ -91,4 +91,9 @@ Damaged systems are rebuilt without extended disruption.
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-mcp/SKILL.md b/.github/skills/security/owasp-mcp/SKILL.md
index 7439e82d5..f595fa0a7 100644
--- a/.github/skills/security/owasp-mcp/SKILL.md
+++ b/.github/skills/security/owasp-mcp/SKILL.md
@@ -12,11 +12,11 @@ metadata:
content_based_on: "https://owasp.org/www-project-mcp-top-10/"
---
-# OWASP MCP Top 10 — Skill Entry
+# OWASP® MCP Top 10 — Skill Entry
This `SKILL.md` is the **entrypoint** for the MCP Vulnerabilities skill.
-The skill encodes the **OWASP MCP Top 10 (2025)** as structured, machine-readable references
+The skill encodes the **OWASP® MCP Top 10 (2025)** as structured, machine-readable references
that an agent can query to identify, assess, and remediate MCP security risks.
## Normative references (MCP Top 10)
@@ -40,6 +40,16 @@ that an agent can query to identify, assess, and remediate MCP security risks.
- `00-vulnerability-index.md` — index of all vulnerability identifiers, severities, and cross-references.
- `01` through `10` — one document per vulnerability aligned with OWASP MCP numbering.
+## Third-Party Attribution
+
+Copyright © OWASP Foundation.
+OWASP® MCP Top 10 (2025) content is derived from works by the OWASP Foundation, licensed
+under CC BY-SA 4.0 ().
+Source:
+Modifications: Vulnerability descriptions restructured into agent-consumable reference
+documents with added detection and remediation guidance.
+OWASP® is a registered trademark of the OWASP Foundation. Use does not imply endorsement.
+
---
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-mcp/references/00-vulnerability-index.md b/.github/skills/security/owasp-mcp/references/00-vulnerability-index.md
index cec3cc2f0..b8b58827e 100644
--- a/.github/skills/security/owasp-mcp/references/00-vulnerability-index.md
+++ b/.github/skills/security/owasp-mcp/references/00-vulnerability-index.md
@@ -70,5 +70,10 @@ Each vulnerability document follows a consistent structure:
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-mcp/references/01-token-mismanagement-secret-exposure.md b/.github/skills/security/owasp-mcp/references/01-token-mismanagement-secret-exposure.md
index 42a47c02b..ca41a6812 100644
--- a/.github/skills/security/owasp-mcp/references/01-token-mismanagement-secret-exposure.md
+++ b/.github/skills/security/owasp-mcp/references/01-token-mismanagement-secret-exposure.md
@@ -85,4 +85,9 @@ The model complies in a later unrelated session, leaking tokens.
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-mcp/references/02-privilege-escalation-scope-creep.md b/.github/skills/security/owasp-mcp/references/02-privilege-escalation-scope-creep.md
index 61fbdc079..00e360a02 100644
--- a/.github/skills/security/owasp-mcp/references/02-privilege-escalation-scope-creep.md
+++ b/.github/skills/security/owasp-mcp/references/02-privilege-escalation-scope-creep.md
@@ -84,4 +84,9 @@ include org:admin, enabling full takeover.
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-mcp/references/03-tool-poisoning.md b/.github/skills/security/owasp-mcp/references/03-tool-poisoning.md
index ec7b15575..b0158301f 100644
--- a/.github/skills/security/owasp-mcp/references/03-tool-poisoning.md
+++ b/.github/skills/security/owasp-mcp/references/03-tool-poisoning.md
@@ -87,4 +87,9 @@ benign requests become destructive.
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-mcp/references/04-supply-chain-attacks-dependency-tampering.md b/.github/skills/security/owasp-mcp/references/04-supply-chain-attacks-dependency-tampering.md
index a89ad4755..88adc55cf 100644
--- a/.github/skills/security/owasp-mcp/references/04-supply-chain-attacks-dependency-tampering.md
+++ b/.github/skills/security/owasp-mcp/references/04-supply-chain-attacks-dependency-tampering.md
@@ -93,4 +93,9 @@ methods that call destructive APIs.
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-mcp/references/05-command-injection-execution.md b/.github/skills/security/owasp-mcp/references/05-command-injection-execution.md
index 00d71fe73..a5f0e2159 100644
--- a/.github/skills/security/owasp-mcp/references/05-command-injection-execution.md
+++ b/.github/skills/security/owasp-mcp/references/05-command-injection-execution.md
@@ -90,4 +90,9 @@ The agent constructs an unparameterized query and the injection destroys the dat
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-mcp/references/06-prompt-injection-contextual-payloads.md b/.github/skills/security/owasp-mcp/references/06-prompt-injection-contextual-payloads.md
index 3db2db542..bd616358b 100644
--- a/.github/skills/security/owasp-mcp/references/06-prompt-injection-contextual-payloads.md
+++ b/.github/skills/security/owasp-mcp/references/06-prompt-injection-contextual-payloads.md
@@ -79,4 +79,9 @@ When retrieved, it contains hidden instructions to reveal the system prompt or A
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-mcp/references/07-insufficient-authentication-authorization.md b/.github/skills/security/owasp-mcp/references/07-insufficient-authentication-authorization.md
index 47a83b972..651a43f2a 100644
--- a/.github/skills/security/owasp-mcp/references/07-insufficient-authentication-authorization.md
+++ b/.github/skills/security/owasp-mcp/references/07-insufficient-authentication-authorization.md
@@ -92,4 +92,9 @@ privileged functions intended only for admins.
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-mcp/references/08-lack-of-audit-telemetry.md b/.github/skills/security/owasp-mcp/references/08-lack-of-audit-telemetry.md
index 44322aa1b..9dc119e14 100644
--- a/.github/skills/security/owasp-mcp/references/08-lack-of-audit-telemetry.md
+++ b/.github/skills/security/owasp-mcp/references/08-lack-of-audit-telemetry.md
@@ -91,4 +91,9 @@ Without telemetry and baselines, changes go unnoticed until a manual audit month
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-mcp/references/09-shadow-mcp-servers.md b/.github/skills/security/owasp-mcp/references/09-shadow-mcp-servers.md
index 005170b71..bb56680f7 100644
--- a/.github/skills/security/owasp-mcp/references/09-shadow-mcp-servers.md
+++ b/.github/skills/security/owasp-mcp/references/09-shadow-mcp-servers.md
@@ -91,4 +91,9 @@ Manipulated entries propagate into model retraining pipelines, corrupting produc
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
diff --git a/.github/skills/security/owasp-mcp/references/10-context-injection-over-sharing.md b/.github/skills/security/owasp-mcp/references/10-context-injection-over-sharing.md
index 27ff9b497..e29386ad0 100644
--- a/.github/skills/security/owasp-mcp/references/10-context-injection-over-sharing.md
+++ b/.github/skills/security/owasp-mcp/references/10-context-injection-over-sharing.md
@@ -83,4 +83,9 @@ Tenant A's internal documents appear in Tenant B's retrieval outputs.
---
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+().
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*