diff --git a/skills/gha-security-review/references/runner-infrastructure.md b/skills/gha-security-review/references/runner-infrastructure.md
index 8d8e79f..6aafbdb 100644
--- a/skills/gha-security-review/references/runner-infrastructure.md
+++ b/skills/gha-security-review/references/runner-infrastructure.md
@@ -66,7 +66,8 @@ nmap -sn 10.0.0.0/24
 
 # Access internal services
 curl http://internal-api.corp.example.com/admin
-curl http://169.254.169.254/latest/meta-data/  # Cloud metadata
+# nosemgrep: skill-cloud-metadata-access
+curl http://169.254.169.254/latest/meta-data/  # Cloud metadata (example of attack vector)
 ```
 
 ---