microsoft · MukundaKatta · Apr 20, 2026 · Apr 27, 2026 · May 5, 2026 · chaosdinosaur
@@ -12,11 +12,11 @@ metadata:
   content_based_on: "https://owasp.org/www-project-top-10-infrastructure-security-risks/"
 ---
 
-# OWASP Infrastructure Top 10 — Skill Entry
+# OWASP® Infrastructure Top 10 — Skill Entry
 
 This `SKILL.md` is the **entrypoint** for the OWASP Infrastructure Top 10 skill.
 
-The skill encodes the **OWASP Infrastructure Security Top 10 (2024)** as structured,
+The skill encodes the **OWASP® Infrastructure Security Top 10 (2024)** as structured,
-The skill encodes the **OWASP® Infrastructure Security Top 10 (2024)** as structured,
+The skill encodes the **OWASP Infrastructure Security Top 10 (2024)** as structured,
-The skill encodes the **OWASP® Infrastructure Security Top 10 (2024)** as structured,
+The skill encodes the **OWASP Infrastructure Security Top 10 (2024)** as structured,
 machine-readable references that an agent can query to identify, assess, and remediate
 infrastructure security risks.
 
@@ -41,6 +41,17 @@ infrastructure security risks.
   * `00-vulnerability-index.md` — index of all vulnerability identifiers, categories, and cross-references.
   * `01` through `10` — one document per vulnerability aligned with OWASP Infrastructure Security numbering.
 
+## Third-Party Attribution
+
+Copyright © OWASP Foundation.
+OWASP® Infrastructure Security Top 10 (2024) content is derived from works by the
+OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Source: <https://owasp.org/www-project-top-10-infrastructure-security-risks/>
+Modifications: Vulnerability descriptions restructured into agent-consumable reference
+documents with added detection and remediation guidance.
+OWASP® is a registered trademark of the OWASP Foundation. Use does not imply endorsement.
+
 ---
 
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -73,4 +73,9 @@ Each vulnerability document follows a consistent structure:
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -83,4 +83,9 @@ plans, selling them to competitors.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -92,4 +92,9 @@ The exfiltrated data and files are later sold to competitors.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -80,4 +80,9 @@ potentially endangering patient care.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -96,4 +96,9 @@ The weak password and lack of resource management enabled unauthorized access an
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -95,4 +95,9 @@ Customers unknowingly transfer money to the attacker.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -94,4 +94,9 @@ pivot point into the internal network for additional attacks.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -79,4 +79,9 @@ login attempts, and promote password best practices among users.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -82,4 +82,9 @@ financial, legal, and reputational damage.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -89,4 +89,9 @@ management traffic, and implement regular monitoring and logging of network devi
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -91,4 +91,9 @@ Damaged systems are rebuilt without extended disruption.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -12,11 +12,11 @@ metadata:
   content_based_on: "https://owasp.org/www-project-mcp-top-10/"
 ---
 
-# OWASP MCP Top 10 — Skill Entry
+# OWASP® MCP Top 10 — Skill Entry
 
 This `SKILL.md` is the **entrypoint** for the MCP Vulnerabilities skill.
 
-The skill encodes the **OWASP MCP Top 10 (2025)** as structured, machine-readable references
+The skill encodes the **OWASP® MCP Top 10 (2025)** as structured, machine-readable references
 that an agent can query to identify, assess, and remediate MCP security risks.
 
 ## Normative references (MCP Top 10)
@@ -40,6 +40,16 @@ that an agent can query to identify, assess, and remediate MCP security risks.
   - `00-vulnerability-index.md` — index of all vulnerability identifiers, severities, and cross-references.
   - `01` through `10` — one document per vulnerability aligned with OWASP MCP numbering.
 
+## Third-Party Attribution
+
+Copyright © OWASP Foundation.
+OWASP® MCP Top 10 (2025) content is derived from works by the OWASP Foundation, licensed
+under CC BY-SA 4.0 (<https://creativecommons.org/licenses/by-sa/4.0/>).
+Source: <https://owasp.org/www-project-mcp-top-10/>
+Modifications: Vulnerability descriptions restructured into agent-consumable reference
+documents with added detection and remediation guidance.
+OWASP® is a registered trademark of the OWASP Foundation. Use does not imply endorsement.
+
 ---
 
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -70,5 +70,10 @@ Each vulnerability document follows a consistent structure:
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
 
@@ -85,4 +85,9 @@ The model complies in a later unrelated session, leaking tokens.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -84,4 +84,9 @@ include org:admin, enabling full takeover.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -87,4 +87,9 @@ benign requests become destructive.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -93,4 +93,9 @@ methods that call destructive APIs.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -90,4 +90,9 @@ The agent constructs an unparameterized query and the injection destroys the dat
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -79,4 +79,9 @@ When retrieved, it contains hidden instructions to reveal the system prompt or A
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -92,4 +92,9 @@ privileged functions intended only for admins.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -91,4 +91,9 @@ Without telemetry and baselines, changes go unnoticed until a manual audit month
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -91,4 +91,9 @@ Manipulated entries propagate into model retraining pipelines, corrupting produc
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -83,4 +83,9 @@ Tenant A's internal documents appear in Tenant B's retrieval outputs.
 
 ---
 
+Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0
+(<https://creativecommons.org/licenses/by-sa/4.0/>).
+Modifications: Restructured into agent-consumable reference format with added
+detection and remediation guidance.
+
 *🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*