054565490e
Add a conservative metadata fixer for missing risk and source fields, cover it with tests, and backfill the remaining skills using explicit source inference only when the provenance is clear. Fall back to the repo-documented defaults when the file does not support a stronger claim. Refs #365