docs(owasp): add third-party attributions to skills #1332

Draft
JasonTheDeveloper wants to merge 6 commits into microsoft:main from JasonTheDeveloper:docs/1325

@JasonTheDeveloper JasonTheDeveloper commented Apr 10, 2026

Contributor

Pull Request

Description

This PR updates existing OWASP-related skills to reflect the source material's license. I've also updated the THIRD-PARTY-NOTICES and README.md to reflect the newly added skills.

Related Issue(s)

Closes #1325

Type of Change

Select all that apply:

Code & Documentation:

  • Bug fix (non-breaking change fixing an issue)
  • New feature (non-breaking change adding functionality)
  • Breaking change (fix or feature causing existing functionality to change)
  • Documentation update

Infrastructure & Configuration:

  • GitHub Actions workflow
  • Linting configuration (markdown, PowerShell, etc.)
  • Security configuration
  • DevContainer configuration
  • Dependency update

AI Artifacts:

  • Reviewed contribution with prompt-builder agent and addressed all feedback
  • Copilot instructions (.github/instructions/*.instructions.md)
  • Copilot prompt (.github/prompts/*.prompt.md)
  • Copilot agent (.github/agents/*.agent.md)
  • Copilot skill (.github/skills/*/SKILL.md)

Note for AI Artifact Contributors:

  • Agents: Research, indexing/referencing other project (using standard VS Code GitHub Copilot/MCP tools), planning, and general implementation agents likely already exist. Review .github/agents/ before creating new ones.
  • Skills: Must include both bash and PowerShell scripts. See Skills.
  • Model Versions: Only contributions targeting the latest Anthropic and OpenAI models will be accepted. Older model versions (e.g., GPT-3.5, Claude 3) will be rejected.
  • See Agents Not Accepted and Model Version Requirements.

Other:

  • Script/automation (.ps1, .sh, .py)
  • Other (please describe):

Testing

Checklist

Required Checks

  • Documentation is updated (if applicable)
  • Files follow existing naming conventions
  • Changes are backwards compatible (if applicable)
  • Tests added for new functionality (if applicable)

AI Artifact Contributions

  • Used /prompt-analyze to review contribution
  • Addressed all feedback from prompt-builder review
  • Verified contribution follows common standards and type-specific requirements

Required Automated Checks

The following validation commands must pass before merging:

  • Markdown linting: npm run lint:md
  • Spell checking: npm run spell-check
  • Frontmatter validation: npm run lint:frontmatter
  • Skill structure validation: npm run validate:skills
  • Link validation: npm run lint:md-links
  • PowerShell analysis: npm run lint:ps
  • Plugin freshness: npm run plugin:generate
  • Docusaurus tests: npm run docs:test

Security Considerations

  • This PR does not contain any sensitive or NDA information
  • Any new dependencies have been reviewed for security issues
  • Security-related scripts follow the principle of least privilege

Additional Notes

Not sure if the approach I took regarding skills that use the CC BY-NC-SA 4.0 license is correct. Looking for guidance.

codecov-commenter commented Apr 10, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.63%. Comparing base (d51b4d3) to head (361069d).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1332      +/-   ##
==========================================
- Coverage   87.64%   87.63%   -0.01%     
==========================================
  Files          65       65              
  Lines       10152    10152              
==========================================
- Hits         8898     8897       -1     
- Misses       1254     1255       +1     
Flag Coverage Δ
pester 85.02% <ø> (-0.02%) ⬇️

see 1 file with indirect coverage changes
@WilliamBerryiii WilliamBerryiii changed the title docs(owasp): add thrid-party attributions to skills docs(owasp): add third-party attributions to skills Apr 23, 2026

@bindsi bindsi left a comment

Member

Automated review (bindsi batch). Draft PR — posting as COMMENT.

The OWASP third-party attributions follow the established pattern from sibling PRs (#1388): OWASP® trademark markers on H1 headings, standardized "Third-Party Attribution" section in SKILL.md, and per-reference CC-BY-SA-4.0 footer blocks. Consistent with the owasp-infrastructure and owasp-mcp attribution PRs.

No blocking findings. Ready for promotion from draft when complete.

@bindsi bindsi left a comment

Member

Automated batch review: requesting changes for one blocking licensing/distribution issue.

description: OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core.
license: CC-BY-SA-4.0
description: OWASP MCP Top 10 (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core.
license: CC-BY-NC-SA-4.0
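
Review bot: on the `license:` line, the frontmatter value becomes CC-BY-NC-SA-4.0, so every other license statement shipped with this skill has to say the same thing. Please verify that the skill's "Third-Party Attribution" section, the per-reference footer blocks, and the matching THIRD-PARTY-NOTICES entry were updated together with this field, so the package does not carry both CC-BY-SA-4.0 and CC-BY-NC-SA-4.0 for the same content. The `description:` line also gains "(2025)"; the attribution text should cite the same edition.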

Member

This changes the packaged OWASP MCP skill content from CC-BY-SA-4.0 to CC-BY-NC-SA-4.0. The NonCommercial restriction can affect marketplace/plugin distribution and enterprise use, so please confirm legal approval for packaging NC-licensed derived content here or avoid including NC-licensed material before merge.
