Running `brief sinks` on zizmor (a Rust project) returns Python stdlib sinks alongside Rust ones because the repo has `.py` files for docs/testing. Not technically wrong but noisy when Python is incidental to the project.
Could address this by:
- A `--language` filter flag on the sinks command (and threat-model)
- Tagging detections with primary vs secondary based on file count (the engine already sorts languages by file count)
- Doing nothing, since someone writing Python in a Rust repo should still know about `eval` and `pickle.loads`
Low priority since the findings are valid, just diluted by secondary languages.
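To make the second option concrete, here is an added sketch (not brief's own code) of ranking a repo's languages by file count and tagging each sink finding as primary or secondary, with an optional per-language filter standing in for the proposed `--language` flag; the extension map, sample file layout and sink names are constructed assumptions.

```python
"""Tag sink findings as primary or secondary by per-language file count."""
from collections import Counter
from pathlib import PurePosixPath
from typing import Optional

# Assumed extension-to-language map; brief's real detection table may differ.
EXT_TO_LANG = {".rs": "rust", ".py": "python", ".js": "javascript"}


def language_of(path: str) -> Optional[str]:
    """Map a file path to a language name, or None if unrecognised."""
    return EXT_TO_LANG.get(PurePosixPath(path).suffix)


def rank_languages(files):
    """Return (language, file_count) pairs, most common first."""
    counts = Counter(lang for f in files if (lang := language_of(f)))
    return counts.most_common()


def tag_findings(files, findings, only=None):
    """Annotate each (path, sink) finding with a 'primary'/'secondary' tier.

    The language with the most files is primary; every other language is
    secondary. `only` behaves like a --language filter: when set, findings
    in any other language are dropped instead of tagged.
    """
    ranked = rank_languages(files)
    primary = ranked[0][0] if ranked else None
    tagged = []
    for path, sink in findings:
        lang = language_of(path)
        if only is not None and lang != only:
            continue
        tier = "primary" if lang == primary else "secondary"
        tagged.append({"path": path, "sink": sink, "language": lang, "tier": tier})
    return tagged


# Constructed sample: a Rust crate with a couple of incidental Python helpers.
SAMPLE_FILES = ["src/main.rs", "src/lib.rs", "src/audit/mod.rs",
                "docs/gen.py", "tests/run.py"]
SAMPLE_FINDINGS = [("src/lib.rs", "std::process::Command"),
                   ("docs/gen.py", "eval"),
                   ("tests/run.py", "pickle.loads")]

if __name__ == "__main__":
    for finding in tag_findings(SAMPLE_FILES, SAMPLE_FINDINGS):
        print(f"[{finding['tier']}] {finding['path']}: {finding['sink']}")
```

With the sample layout the Rust finding is reported as primary and both Python findings as secondary, so the Python sinks stay visible but are visibly demoted.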