stacknil · stacknil · Jun 30, 2026 · Jun 30, 2026
diff --git a/docs/risk-model-boundary.md b/docs/risk-model-boundary.md
@@ -8,6 +8,17 @@ conclusions the tool must never infer.
 The model is a deterministic local heuristic layer. It is not a vulnerability
 scanner, not a CVE resolver, and not a dependency safety verdict.
 
+## Explicit non-claims
+
+The risk model has three deliberate product boundaries:
+
+- **Not a CVE scanner.** It does not query vulnerability databases, resolve
+  advisories against affected version ranges, or determine exploitability.
+- **Not a malware scanner.** It does not inspect package contents, source code,
+  signatures, or runtime behavior for malicious payloads.
+- **Not a package safety verdict engine.** Risk buckets and policy decisions
+  identify evidence for review; they do not certify a package as safe or unsafe.
+
 Implementation references:
 
 - [`risk.py`](../tools/sbom-diff-and-risk/src/sbom_diff_risk/risk.py)

diff --git a/scripts/validate-reviewer-routes.py b/scripts/validate-reviewer-routes.py
@@ -195,6 +195,9 @@
         "not a vulnerability scanner",
         "not a CVE resolver",
         "not a dependency safety verdict",
+        "Not a CVE scanner",
+        "Not a malware scanner",
+        "Not a package safety verdict engine",
         "new_package",
         "major_upgrade",
         "version_change_unclassified",

diff --git a/tools/sbom-diff-and-risk/tests/test_risk_model_boundary_docs.py b/tools/sbom-diff-and-risk/tests/test_risk_model_boundary_docs.py
@@ -38,6 +38,9 @@ def test_risk_model_boundary_names_inputs_and_nonclaims() -> None:
         "not a vulnerability scanner",
         "not a CVE resolver",
         "not a dependency safety verdict",
+        "Not a CVE scanner",
+        "Not a malware scanner",
+        "Not a package safety verdict engine",
         "hidden network enrichment",
     ):
         assert phrase in text or _normalized_text(phrase) in normalized