Description
Informational (not graded): reports whether RFC 9116 security.txt is present (at /.well-known/security.txt or /security.txt) and declares a Contact:. Responsible-disclosure contact is a human security-researcher signal, not AI-agent discoverability, so it does not affect the score.