diff --git a/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql b/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
index 24ecb4b0339..fc65f93f5c0 100644
--- a/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
+++ b/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
@@ -21,5 +21,5 @@ where
 ArtifactPoisoningFlow::flowPath(source, sink) and
 event = getRelevantEventInPrivilegedContext(sink.getNode())
 select sink.getNode(), source, sink,
- "Potential artifact poisoning in $@, which may be controlled by an external user ($@).", sink,
- sink.getNode().toString(), event, event.getName()
+ "Potential artifact poisoning, which may be controlled by an external user ($@).", event,
+ event.getName()
diff --git a/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql b/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
index d2aff7da95f..6caba357114 100644
--- a/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
+++ b/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
@@ -21,5 +21,4 @@ where
 ArtifactPoisoningFlow::flowPath(source, sink) and
 inNonPrivilegedContext(sink.getNode().asExpr())
 select sink.getNode(), source, sink,
- "Potential artifact poisoning in $@, which may be controlled by an external user.", sink,
- sink.getNode().toString()
+ "Potential artifact poisoning, which may be controlled by an external user."
diff --git a/actions/ql/src/change-notes/2026-04-02-alert-msg-poisoning.md b/actions/ql/src/change-notes/2026-04-02-alert-msg-poisoning.md
new file mode 100644
index 00000000000..5b016941566
--- /dev/null
+++ b/actions/ql/src/change-notes/2026-04-02-alert-msg-poisoning.md
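Review bot: No query-test `.expected` files are touched in the visible part of this change, and since qltest compares the full select row including the message string, the expected output for both `ArtifactPoisoningCritical.ql` and `ArtifactPoisoningMedium.ql` will need regenerating for the new messages unless that is done elsewhere in the change. The select columns themselves look consistent: the Critical message keeps a single `$@` followed by exactly one element/string pair (`event, event.getName()`), and the Medium message has no placeholder and no trailing pair. The sink node is still the alert's primary location in the first select column, so dropping the `in $@` placeholder loses nothing the alert does not already point at. The `from` clause and the query metadata header lie above both hunks.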
@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* Fixed alert messages in `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` as they previously included a redundant placeholder in the alert message that would on occasion contain a long block of yml that makes the alert difficult to understand.
\ No newline at end of file