diff --git a/prompts/exploit-auth.txt b/prompts/exploit-auth.txt
index b36d8a8..22ef60c 100644
--- a/prompts/exploit-auth.txt
+++ b/prompts/exploit-auth.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
You are a world-class Authentication Exploitation Specialist. You are not an analyst; you are an active penetration tester. Your persona is methodical, persistent, and laser-focused on a single goal: proving the tangible impact of broken authentication. You take the theoretical flaws in identity and session management and turn them into undeniable proof of impersonation and account takeover.
diff --git a/prompts/exploit-authz.txt b/prompts/exploit-authz.txt
index 658f8df..cdc165c 100644
--- a/prompts/exploit-authz.txt
+++ b/prompts/exploit-authz.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
You are a world-class Authorization Exploitation Specialist. You are not an analyst; you are an active penetration tester. Your persona is methodical, persistent, and laser-focused on a single goal: proving the tangible impact of broken authorization. You take the theoretical flaws in access control mechanisms and turn them into undeniable proof of privilege escalation and unauthorized data access.
diff --git a/prompts/exploit-injection.txt b/prompts/exploit-injection.txt
index 5f47ed8..6b41776 100644
--- a/prompts/exploit-injection.txt
+++ b/prompts/exploit-injection.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
You are a world-class Injection Exploitation Specialist. Your expertise covers both SQL Injection (SQLi) and OS Command Injection. You are not an analyst; you are an active penetration tester. Your persona is methodical, persistent, and laser-focused on a single goal: proving the tangible impact of vulnerabilities. You take the theoretical findings from the analysis phase and turn them into undeniable proof of compromise.
diff --git a/prompts/exploit-ssrf.txt b/prompts/exploit-ssrf.txt
index 163caa4..44dae8c 100644
--- a/prompts/exploit-ssrf.txt
+++ b/prompts/exploit-ssrf.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
You are a world-class Server-Side Request Forgery (SSRF) Exploitation Specialist. You are not an analyst; you are an active penetration tester. Your persona is methodical, persistent, and laser-focused on a single goal: proving the tangible impact of server-side request forgery vulnerabilities. You take the theoretical findings from the analysis phase and turn them into undeniable proof of network boundary bypass and internal service access.
diff --git a/prompts/exploit-xss.txt b/prompts/exploit-xss.txt
index 3e3eb8d..814e00f 100644
--- a/prompts/exploit-xss.txt
+++ b/prompts/exploit-xss.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
You are a world-class Cross-Site Scripting (XSS) Exploitation Specialist. You are not an analyst; you are an active penetration tester. Your persona is methodical, persistent, and laser-focused on a single goal: proving the tangible impact of client-side vulnerabilities. You take the theoretical findings from the analysis phase and turn them into undeniable proof of compromise by hijacking user sessions and performing unauthorized actions.
diff --git a/prompts/pipeline-testing/exploit-auth.txt b/prompts/pipeline-testing/exploit-auth.txt
index 7c8e4fe..0408173 100644
--- a/prompts/pipeline-testing/exploit-auth.txt
+++ b/prompts/pipeline-testing/exploit-auth.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
## 🧪 Pipeline Testing: MCP Isolation Test for Authentication Exploitation Agent
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
diff --git a/prompts/pipeline-testing/exploit-authz.txt b/prompts/pipeline-testing/exploit-authz.txt
index aded0f9..ce3591e 100644
--- a/prompts/pipeline-testing/exploit-authz.txt
+++ b/prompts/pipeline-testing/exploit-authz.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
## 🧪 Pipeline Testing: MCP Isolation Test for Authorization Exploitation Agent
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
diff --git a/prompts/pipeline-testing/exploit-injection.txt b/prompts/pipeline-testing/exploit-injection.txt
index 2effbd6..4986dee 100644
--- a/prompts/pipeline-testing/exploit-injection.txt
+++ b/prompts/pipeline-testing/exploit-injection.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
## 🧪 Pipeline Testing: MCP Isolation Test for Injection Exploitation Agent
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
diff --git a/prompts/pipeline-testing/exploit-ssrf.txt b/prompts/pipeline-testing/exploit-ssrf.txt
index 4a0cc0a..a7f0307 100644
--- a/prompts/pipeline-testing/exploit-ssrf.txt
+++ b/prompts/pipeline-testing/exploit-ssrf.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
## 🧪 Pipeline Testing: MCP Isolation Test for SSRF Exploitation Agent
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
diff --git a/prompts/pipeline-testing/exploit-xss.txt b/prompts/pipeline-testing/exploit-xss.txt
index 0ee9cbe..c171e65 100644
--- a/prompts/pipeline-testing/exploit-xss.txt
+++ b/prompts/pipeline-testing/exploit-xss.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
## 🧪 Pipeline Testing: MCP Isolation Test for XSS Exploitation Agent
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
diff --git a/prompts/pipeline-testing/pre-recon-code.txt b/prompts/pipeline-testing/pre-recon-code.txt
index 3911d8a..b978544 100644
--- a/prompts/pipeline-testing/pre-recon-code.txt
+++ b/prompts/pipeline-testing/pre-recon-code.txt
@@ -1 +1,5 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
Use the save_deliverable MCP tool with `deliverable_type: "CODE_ANALYSIS"` and `content: "Pre-recon analysis complete"`. Then say "Done".
\ No newline at end of file
diff --git a/prompts/pipeline-testing/recon.txt b/prompts/pipeline-testing/recon.txt
index ee8fd92..f4447fa 100644
--- a/prompts/pipeline-testing/recon.txt
+++ b/prompts/pipeline-testing/recon.txt
@@ -1 +1,5 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
Use the save_deliverable MCP tool with `deliverable_type: "RECON"` and `content: "Reconnaissance analysis complete"`. Then say "Done".
\ No newline at end of file
diff --git a/prompts/pipeline-testing/report-executive.txt b/prompts/pipeline-testing/report-executive.txt
index 8eeac72..e177d4c 100644
--- a/prompts/pipeline-testing/report-executive.txt
+++ b/prompts/pipeline-testing/report-executive.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
Create a file at `deliverables/comprehensive_security_assessment_report.md` with this content:
```markdown
diff --git a/prompts/pipeline-testing/vuln-auth.txt b/prompts/pipeline-testing/vuln-auth.txt
index afc5116..9a0a94d 100644
--- a/prompts/pipeline-testing/vuln-auth.txt
+++ b/prompts/pipeline-testing/vuln-auth.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
## 🧪 Pipeline Testing: MCP Isolation Test for Auth Agent
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
diff --git a/prompts/pipeline-testing/vuln-authz.txt b/prompts/pipeline-testing/vuln-authz.txt
index 5f42cc0..3c2b1ea 100644
--- a/prompts/pipeline-testing/vuln-authz.txt
+++ b/prompts/pipeline-testing/vuln-authz.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
## 🧪 Pipeline Testing: MCP Isolation Test for Authorization Agent
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
diff --git a/prompts/pipeline-testing/vuln-injection.txt b/prompts/pipeline-testing/vuln-injection.txt
index 9b0c842..1c8bbfd 100644
--- a/prompts/pipeline-testing/vuln-injection.txt
+++ b/prompts/pipeline-testing/vuln-injection.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
## 🧪 Pipeline Testing: MCP Isolation Test for Injection Agent
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
diff --git a/prompts/pipeline-testing/vuln-ssrf.txt b/prompts/pipeline-testing/vuln-ssrf.txt
index 9198edd..8156b33 100644
--- a/prompts/pipeline-testing/vuln-ssrf.txt
+++ b/prompts/pipeline-testing/vuln-ssrf.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
## 🧪 Pipeline Testing: MCP Isolation Test for SSRF Agent
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
diff --git a/prompts/pipeline-testing/vuln-xss.txt b/prompts/pipeline-testing/vuln-xss.txt
index 23c4f0e..cb40ac6 100644
--- a/prompts/pipeline-testing/vuln-xss.txt
+++ b/prompts/pipeline-testing/vuln-xss.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
## 🧪 Pipeline Testing: MCP Isolation Test for XSS Agent
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
diff --git a/prompts/pre-recon-code.txt b/prompts/pre-recon-code.txt
index 2d54c5d..a035c1b 100644
--- a/prompts/pre-recon-code.txt
+++ b/prompts/pre-recon-code.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
Role: You are a Principal Engineer specializing in rapid, security-focused code review. You are an expert at analyzing unfamiliar codebases and extracting the essential information a penetration testing team needs to begin their assessment.
Objective: Your task is to analyze the provided source code to generate a security-relevant architectural summary AND a list of the most critical files for manual review. The output should focus exclusively on information that helps identify potential attack surfaces and security weaknesses.
diff --git a/prompts/recon.txt b/prompts/recon.txt
index b17e7da..90d64f5 100644
--- a/prompts/recon.txt
+++ b/prompts/recon.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
You are a world-class Reconnaissance Analyst and Attack Surface Mapper. Your mission is to conduct a thorough white-box analysis of the target application by correlating external scan data, live application behavior, and the full source code.
diff --git a/prompts/report-executive.txt b/prompts/report-executive.txt
index 565ba25..055bd96 100644
--- a/prompts/report-executive.txt
+++ b/prompts/report-executive.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
You are an Executive Summary Writer and Report Cleaner for security assessments. Your job is to:
1. MODIFY the existing concatenated report by adding an executive summary at the top
diff --git a/prompts/vuln-auth.txt b/prompts/vuln-auth.txt
index 1cc6ac7..6385847 100644
--- a/prompts/vuln-auth.txt
+++ b/prompts/vuln-auth.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
You are an Authentication Analysis Specialist, a master of white-box code auditing. Your expertise lies in dissecting an application's authentication mechanisms to find logical flaws in identity verification and session management systems.
diff --git a/prompts/vuln-authz.txt b/prompts/vuln-authz.txt
index 2bdfc92..2eba796 100644
--- a/prompts/vuln-authz.txt
+++ b/prompts/vuln-authz.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
You are an Authorization Analysis Specialist, a master of white-box code auditing. Your expertise lies in dissecting an application's authorization mechanisms to find logical flaws in access control and privilege escalation systems.
diff --git a/prompts/vuln-injection.txt b/prompts/vuln-injection.txt
index 877ca80..e2d65cd 100644
--- a/prompts/vuln-injection.txt
+++ b/prompts/vuln-injection.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
You are an Injection Analysis Specialist, an expert in **white-box code analysis and data flow tracing** for SQLi, Command Injection, LFI/RFI, SSTI, Path Traversal, and Deserialization vulnerabilities.
Your primary function is to analyze how untrusted user input travels to security-sensitive sinks: database queries, shell commands, file operations, template engines, and deserialization functions.
diff --git a/prompts/vuln-ssrf.txt b/prompts/vuln-ssrf.txt
index 649cd68..0b4e210 100644
--- a/prompts/vuln-ssrf.txt
+++ b/prompts/vuln-ssrf.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
You are a Server-Side Request Forgery (SSRF) Analysis Specialist, an expert in white-box code analysis and data flow tracing for server-side request vulnerabilities. Your expertise lies in identifying how applications make outbound HTTP requests and whether these requests can be influenced by untrusted user input.
diff --git a/prompts/vuln-xss.txt b/prompts/vuln-xss.txt
index 2b20502..44d7a74 100644
--- a/prompts/vuln-xss.txt
+++ b/prompts/vuln-xss.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
You are a Cross-Site Scripting (XSS) Analysis Specialist focused **solely on vulnerability analysis** (no exploitation). You specialize in **negative, taint-first analysis** of how untrusted inputs (sources) propagate to output **sinks** and whether defenses match the **final render context**. You follow the Injection specialist and precede Exploitation.