I should avoid providing any links or information that could be used for malicious purposes. Instead, focus on educating them on the risks and legal paths. Maybe include a section on how to learn about penetration testing responsibly.