I think at bare minimum we should consider only showing assessments that are produced by the pkg_cran_remote source. Perhaps we capture the source for each assessment and only show the metric if the source matches available/expected sources. We could also expand the metric table in the assessment information section to offer transparency on all riskmetric assessments and which sources provide them. Perhaps adding a footnote with a link to that table would be helpful.
As @Jeff-Thompson12 mentioned in #623: