diff --git a/plugins/sagemaker-ai/skills/dataset-evaluation/scripts/format_detector.py b/plugins/sagemaker-ai/skills/dataset-evaluation/scripts/format_detector.py
index 158db918..2debd27a 100644
--- a/plugins/sagemaker-ai/skills/dataset-evaluation/scripts/format_detector.py
+++ b/plugins/sagemaker-ai/skills/dataset-evaluation/scripts/format_detector.py
@@ -653,7 +653,7 @@ def detect_format(file_path: str, sample_size_bytes: int = 1_048_576, s3_client=
         if args.json:
             output = {
                 "format_type": result.format_type.value,
-                "is_valid": result.is_valid,  # nosemgrep: python.lang.maintainability.is-function-without-parentheses -- dataclass field, not a method
+                "is_valid": result.is_valid,  # nosemgrep: python.lang.maintainability.is-function-without-parentheses.is-function-without-parentheses -- dataclass field, not a method
                 "confidence": result.confidence.value,
                 "lines_sampled": result.lines_sampled,
                 "errors": [
@@ -664,7 +664,7 @@ def detect_format(file_path: str, sample_size_bytes: int = 1_048_576, s3_client=
             print(json.dumps(output, indent=2))
         else:
             print(f"Format: {result.format_type.value}")
-            print(f"Valid: {'✓' if result.is_valid else '✗'}")  # nosemgrep: python.lang.maintainability.is-function-without-parentheses -- dataclass field, not a method
+            print(f"Valid: {'✓' if result.is_valid else '✗'}")  # nosemgrep: python.lang.maintainability.is-function-without-parentheses.is-function-without-parentheses -- dataclass field, not a method
             print(f"Confidence: {result.confidence.name}")
             print(f"Lines sampled: {result.lines_sampled}")
             if result.errors:
@@ -672,7 +672,7 @@ def detect_format(file_path: str, sample_size_bytes: int = 1_048_576, s3_client=
                 for err in result.errors:
                     print(f"  Line {err.line_number}: {err.message}")
         
-        sys.exit(0 if result.is_valid else 1)  # nosemgrep: python.lang.maintainability.is-function-without-parentheses -- dataclass field, not a method
+        sys.exit(0 if result.is_valid else 1)  # nosemgrep: python.lang.maintainability.is-function-without-parentheses.is-function-without-parentheses -- dataclass field, not a method
     except (FileNotFoundError, IOError, ValueError) as e:
         print(f"Error: {e}", file=sys.stderr)
         sys.exit(1)
diff --git a/tools/validate-cross-refs.cjs b/tools/validate-cross-refs.cjs
index ae48df43..3b49b348 100644
--- a/tools/validate-cross-refs.cjs
+++ b/tools/validate-cross-refs.cjs
@@ -51,6 +51,7 @@ function info(message) {
 
 function validateMarketplace(marketplacePath, manifestPathParts) {
   // Check marketplace.json exists
+  // nosemgrep: gitlab.eslint.detect-non-literal-fs-filename, javascript.lang.security.audit.detect-non-literal-fs-filename.detect-non-literal-fs-filename -- callers pass hardcoded constants, not user input
   if (!fs.existsSync(marketplacePath)) {
     error(`Marketplace file not found: ${marketplacePath}`);
     return;
@@ -58,6 +59,7 @@ function validateMarketplace(marketplacePath, manifestPathParts) {
 
   let marketplace;
   try {
+    // nosemgrep: gitlab.eslint.detect-non-literal-fs-filename, javascript.lang.security.audit.detect-non-literal-fs-filename.detect-non-literal-fs-filename -- callers pass hardcoded constants, not user input
     marketplace = JSON.parse(fs.readFileSync(marketplacePath, "utf8"));
   } catch (e) {
     error(`Failed to parse ${marketplacePath}: ${e.message}`);