docs(owasp): add third-party attributions to skills #1332
JasonTheDeveloper wants to merge 6 commits into
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## main #1332 +/- ##
==========================================
- Coverage 87.64% 87.63% -0.01%
==========================================
Files 65 65
Lines 10152 10152
==========================================
- Hits 8898 8897 -1
- Misses 1254 1255 +1
bindsi left a comment
Automated review (bindsi batch). Draft PR — posting as COMMENT.
The OWASP third-party attributions follow the established pattern from sibling PRs (#1388): OWASP® trademark markers on H1 headings, standardized "Third-Party Attribution" section in SKILL.md, and per-reference CC-BY-SA-4.0 footer blocks. Consistent with the owasp-infrastructure and owasp-mcp attribution PRs.
No blocking findings. Ready for promotion from draft when complete.
bindsi left a comment
Automated batch review: requesting changes for one blocking licensing/distribution issue.
| description: OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core. | ||
| license: CC-BY-SA-4.0 | ||
| description: OWASP MCP Top 10 (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core. | ||
| license: CC-BY-NC-SA-4.0 |
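Review bot: The `license:` line moves from CC-BY-SA-4.0 to CC-BY-NC-SA-4.0 with nothing in the hunk or the PR description recording where the new identifier comes from; link the source material's license statement next to the attribution or in the PR description so the change can be verified. An earlier review on this PR describes the per-reference footer blocks as CC-BY-SA-4.0, so confirm that the footers shipped with this skill carry the same identifier as this front matter. The `description:` line also gains "(2025)", which the PR description does not mention; note it there so the edition change is reviewed on purpose.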
This changes the packaged OWASP MCP skill content from CC-BY-SA-4.0 to CC-BY-NC-SA-4.0. The NonCommercial restriction can affect marketplace/plugin distribution and enterprise use, so please confirm legal approval for packaging NC-licensed derived content here or avoid including NC-licensed material before merge.
Pull Request
Description
This PR updates existing OWASP-related skills to reflect the source material's license. I've also updated the THIRD-PARTY-NOTICES and README.md to reflect the newly added skills.
Related Issue(s)
Closes #1325
Type of Change
Select all that apply:
Code & Documentation:
Infrastructure & Configuration:
AI Artifacts:
prompt-builder agent and addressed all feedback
.github/instructions/*.instructions.md)
.github/prompts/*.prompt.md)
.github/agents/*.agent.md)
.github/skills/*/SKILL.md)
Other:
.ps1, .sh, .py)
Testing
Checklist
Required Checks
AI Artifact Contributions
/prompt-analyze to review contribution
prompt-builder review
Required Automated Checks
The following validation commands must pass before merging:
npm run lint:md
npm run spell-check
npm run lint:frontmatter
npm run validate:skills
npm run lint:md-links
npm run lint:ps
npm run plugin:generate
npm run docs:test
Security Considerations
Additional Notes
Not sure if the approach I took regarding skills that use the CC BY-NC-SA 4.0 license is correct. Looking for guidance.