diff --git a/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll
index ce4b88b419d..80ca46dafa9 100644
--- a/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll
@@ -30,6 +30,9 @@ deprecated class Configuration extends TaintTracking::Configuration {
   }
 }
 
+/**
+ * A taint-tracking configuration for detecting "command injection" vulnerabilities.
+ */
 module CommandInjectionConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 
diff --git a/python/ql/lib/semmle/python/security/dataflow/UnsafeShellCommandConstructionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/UnsafeShellCommandConstructionQuery.qll
index 2a68110859f..d829f08608f 100644
--- a/python/ql/lib/semmle/python/security/dataflow/UnsafeShellCommandConstructionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/UnsafeShellCommandConstructionQuery.qll
@@ -35,6 +35,9 @@ deprecated class Configuration extends TaintTracking::Configuration {
   }
 }
 
+/**
+ * A taint-tracking configuration for detecting "shell command constructed from library input" vulnerabilities.
+ */
 module UnsafeShellCommandConstructionConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }