diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-011343.json b/shared-context/findings/hyperpolymath-hypatia/20260526-011343.json new file mode 100644 index 00000000..5bb0b81f --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-011343.json 
@@ -0,0 +1,98 @@ +{ + "findings": [ + { + "reason": "Repository has 1 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": 
"CSA001", + "file": "test/soundness/fixtures/code_safety/shell_download_then_run.sh", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 1 day(s) old", + "type": "CSA001", + "file": ".github/workflows/dependabot-automerge.yml", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 1 day(s) old", + "type": "CSA001", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 1 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/shell_download_then_run.sh", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "91 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "39d257d9588ebddf4f0d3750753192f442b9fd68", + "submitted_at": "2026-05-26T01:13:44Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-011459.json b/shared-context/findings/hyperpolymath-hypatia/20260526-011459.json new file mode 100644 index 00000000..d660d27e --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-011459.json 
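Review bot: The five `CSA001` entries for `test/soundness/fixtures/code_safety/getexn_on_external.res` in this hunk are identical in every field, so a consumer cannot tell five distinct alerts from one alert recorded five times, and none of them can be matched back to the code-scanning alert it came from. Each finding needs a stable discriminator next to `type`, for example `"alert_number": <ALERT_NUMBER_PLACEHOLDER>` and `"line": <LINE_PLACEHOLDER>`, and `reason` should say what was detected instead of repeating the rule id and the alert age. The `file` field is also inconsistent: it holds a path in most entries, the repo slug `hyperpolymath/hypatia` in the `CSA002` entry and one `CSA001` entry, and `.` in the `GS007` entry, which makes path-based routing or suppression unreliable. The high-severity entries all point under `test/soundness/fixtures/`, which looks like deliberate scanner test input; if that is confirmed, they should be suppressed or downgraded so they do not crowd out real alerts. The same patterns recur in every later snapshot in this diff.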
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 2 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "94 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "23e5f2cee887291d9101f62d9fd36ed6a37a13bb", + "submitted_at": "2026-05-26T01:15:00Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-011528.json b/shared-context/findings/hyperpolymath-hypatia/20260526-011528.json new file mode 100644 index 00000000..2053be85 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-011528.json 
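Review bot: The `GS007` entry in this hunk pairs the destructive directive `"action": "delete_remote_branches"` with `"file": "."` and a bare count in `reason`, so nothing in the record says which branches are meant. The count moves between 1 and 4 across snapshots taken minutes apart in this diff, which suggests these are short-lived working branches rather than stale ones. If any consumer of these files acts on `action` automatically (not visible from here), it has no target list and no protection for in-flight work. I would record the names explicitly, e.g. `"branches": ["<BRANCH_NAME_PLACEHOLDER>"]`, and emit `"action": "review"` for this rule until a minimum-age or merged-only condition is part of the finding.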
@@ -0,0 +1,58 @@ +{ + "findings": [ + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "94 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "051d6856cbc990d926cd6cfe18154be8c256667b", + "submitted_at": 
"2026-05-26T01:15:29Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-012230.json b/shared-context/findings/hyperpolymath-hypatia/20260526-012230.json new file mode 100644 index 00000000..c9cd4ceb --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-012230.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "94 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "76bab30467223e0cbecbb2392ae52156d727fe41", + "submitted_at": "2026-05-26T01:22:31Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-012647.json b/shared-context/findings/hyperpolymath-hypatia/20260526-012647.json new file mode 100644 index 00000000..2845af75 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-012647.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 1 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "94 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "bdf113e8cd65748c6e0c6313c8eae37230fa7129", + "submitted_at": "2026-05-26T01:26:50Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-012747.json b/shared-context/findings/hyperpolymath-hypatia/20260526-012747.json new file mode 100644 index 00000000..a591c8ad --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-012747.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "94 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "fe4e8b0e43e5bff71ca4a632841e6c83724ef29a", + "submitted_at": "2026-05-26T01:27:49Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-013024.json b/shared-context/findings/hyperpolymath-hypatia/20260526-013024.json new file mode 100644 index 00000000..0295645c --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-013024.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "94 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "455ccbdd943803795f9f153c1f6c9b9cd61a47e6", + "submitted_at": "2026-05-26T01:30:25Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-013205.json b/shared-context/findings/hyperpolymath-hypatia/20260526-013205.json new file mode 100644 index 00000000..045393dd --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-013205.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 4 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "94 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "99d61a725d7cc62a73618409e03a13ede8aa6611", + "submitted_at": "2026-05-26T01:32:06Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-013355.json b/shared-context/findings/hyperpolymath-hypatia/20260526-013355.json new file mode 100644 index 00000000..dcc9fd18 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-013355.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 2 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "94 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "ab9aa0cd9971855941630f6a90ba0ae56e26ac0c", + "submitted_at": "2026-05-26T01:33:57Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-013409.json b/shared-context/findings/hyperpolymath-hypatia/20260526-013409.json new file mode 100644 index 00000000..d4a27152 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-013409.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "92 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "0ee43301c851e5445a6d5b3101bbfcf8e9cb2c1e", + "submitted_at": "2026-05-26T01:34:10Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-013747.json b/shared-context/findings/hyperpolymath-hypatia/20260526-013747.json new file mode 100644 index 00000000..31a54f78 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-013747.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 1 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "92 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "fce2b68d199fae907ffa5d36cb8a47e8a1fc42d7", + "submitted_at": "2026-05-26T01:37:48Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-014010.json b/shared-context/findings/hyperpolymath-hypatia/20260526-014010.json new file mode 100644 index 00000000..2ff16e35 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-014010.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "88 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "79239e338ea663cc76d3df516d4d5ed9f2590cba", + "submitted_at": "2026-05-26T01:40:11Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-014033.json b/shared-context/findings/hyperpolymath-hypatia/20260526-014033.json new file mode 100644 index 00000000..0b4d8ac0 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-014033.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 4 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "88 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "c853d155da23e32c7480d613591bb86fb5af0cae", + "submitted_at": "2026-05-26T01:40:34Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-014211.json b/shared-context/findings/hyperpolymath-hypatia/20260526-014211.json new file mode 100644 index 00000000..97787c3e --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-014211.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 4 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "88 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "0339f278a2c0830c7da44d0a3943de824f4e32e3", + "submitted_at": "2026-05-26T01:42:13Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-014327.json b/shared-context/findings/hyperpolymath-hypatia/20260526-014327.json new file mode 100644 index 00000000..24458c99 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-014327.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 4 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "88 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "a8e66c21ab6c1d04d28d47f5e5ce4fcb9086d36d", + "submitted_at": "2026-05-26T01:43:29Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-014554.json b/shared-context/findings/hyperpolymath-hypatia/20260526-014554.json new file mode 100644 index 00000000..d1e08c6a --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-014554.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 4 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "88 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "93e38932c919a521c71bcf98690a60f409040570", + "submitted_at": "2026-05-26T01:45:56Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-014605.json b/shared-context/findings/hyperpolymath-hypatia/20260526-014605.json new file mode 100644 index 00000000..7f3da9ff --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-014605.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 2 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "88 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "8c45c8b8e514daf0d16a4c142fe9800b35014825", + "submitted_at": "2026-05-26T01:46:07Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-014631.json b/shared-context/findings/hyperpolymath-hypatia/20260526-014631.json new file mode 100644 index 00000000..1d184e96 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-014631.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 4 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "81 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "abf9613b6fd26e667b0ddf73cc799d5ee1427c0b", + "submitted_at": "2026-05-26T01:46:32Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-014908.json b/shared-context/findings/hyperpolymath-hypatia/20260526-014908.json new file mode 100644 index 00000000..9b158cc1 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-014908.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 4 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "81 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "f4f6400a437b44956bac42d202ac73e72249201b", + "submitted_at": "2026-05-26T01:49:09Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-014943.json b/shared-context/findings/hyperpolymath-hypatia/20260526-014943.json new file mode 100644 index 00000000..8b30c388 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-014943.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 2 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "81 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "bb70aeedca5d48b360875a78e4c3bae7407fd76e", + "submitted_at": "2026-05-26T01:49:45Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-015236.json b/shared-context/findings/hyperpolymath-hypatia/20260526-015236.json new file mode 100644 index 00000000..26c7257a --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-015236.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "91 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "88427567746d9d0dfed37be54b6929d048998c98", + "submitted_at": "2026-05-26T01:52:37Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-015439.json b/shared-context/findings/hyperpolymath-hypatia/20260526-015439.json new file mode 100644 index 00000000..e60c46f2 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-015439.json 
@@ -0,0 +1,66 @@ +{ + "findings": [ + { + "reason": "Repository has 1 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "91 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "ead582621c312037ad4ca8d07963ed5291cae3ac", + "submitted_at": "2026-05-26T01:54:41Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-015601.json b/shared-context/findings/hyperpolymath-hypatia/20260526-015601.json new file mode 100644 index 00000000..53f2ee3c --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-015601.json @@ -0,0 +1,42 @@ +{ + "findings": [ + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "94 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "3f21c67e5ec4bcb327ba3295224c23b544c3e13d", + "submitted_at": "2026-05-26T01:56:02Z", + "scanner_version": "hypatia-v2" + } +} 
diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-015746.json b/shared-context/findings/hyperpolymath-hypatia/20260526-015746.json new file mode 100644 index 00000000..6778a885 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-015746.json @@ -0,0 +1,42 @@ +{ + "findings": [ + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "94 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "ab77541b3b600023e7b3307b1b45827ee1ded2b8", + "submitted_at": "2026-05-26T01:57:47Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-020230.json b/shared-context/findings/hyperpolymath-hypatia/20260526-020230.json new file mode 100644 index 00000000..0520f5a0 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-020230.json 
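Review bot: The two `CSA001` entries in this findings file are identical in every field (`reason`, `type`, `file`, `action`, `rule_module`, `severity`), so a consumer cannot tell two distinct alerts from one alert recorded twice, and cannot de-duplicate or follow an alert from one snapshot to the next. Each entry needs a distinguishing field carried over from the scanner's alert, for example `"alert_id": "<ALERT_ID>"` (placeholder name and value; the file shows no such field), or the repeats should be collapsed into one entry with a count. The flagged path sits under `test/soundness/fixtures/`, which suggests an intentional fixture, yet it is reported at `"severity": "high"`; if that is the case, excluding or downgrading fixture paths would keep the high-severity list meaningful. The same repetition appears in the other snapshot files of this diff, with five identical entries in the earlier ones.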
@@ -0,0 +1,42 @@ +{ + "findings": [ + { + "reason": "Repository has 1 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "Code scanning (Hypatia): hypatia/code_scanning_alerts/CSA001 -- Hypatia code_scanning_alerts: CSA001 -- 0 day(s) old", + "type": "CSA001", + "file": "test/soundness/fixtures/code_safety/getexn_on_external.res", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + }, + { + "reason": "94 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "4d7a49e23d8d7fe996c77e442904357c14f913ef", + "submitted_at": "2026-05-26T02:02:32Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-070237.json b/shared-context/findings/hyperpolymath-hypatia/20260526-070237.json new file mode 100644 index 00000000..068b0713 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-070237.json 
@@ -0,0 +1,26 @@ +{ + "findings": [ + { + "reason": "Repository has 1 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "94 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "75c3019e6c18ae23da6f983b8ca23cacd2eaf4e3", + "submitted_at": "2026-05-26T07:02:38Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-075234.json b/shared-context/findings/hyperpolymath-hypatia/20260526-075234.json new file mode 100644 index 00000000..48550cec --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-075234.json @@ -0,0 +1,26 @@ +{ + "findings": [ + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "90 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "f1352811351b807807c817bf5d39fe6deeceeadc", + "submitted_at": "2026-05-26T07:52:37Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-080622.json b/shared-context/findings/hyperpolymath-hypatia/20260526-080622.json new file mode 100644 index 00000000..86fc2efe --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-080622.json 
@@ -0,0 +1,18 @@ +{ + "findings": [ + { + "reason": "Repository has 1 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "35f9f3c11a89bb77cc9a1dcc86279523575e2c33", + "submitted_at": "2026-05-26T08:06:24Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-081928.json b/shared-context/findings/hyperpolymath-hypatia/20260526-081928.json new file mode 100644 index 00000000..eb58e5ba --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-081928.json @@ -0,0 +1,18 @@ +{ + "findings": [ + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "4dbdeae0060a579c24a7b6589a10359c5a8dbe04", + "submitted_at": "2026-05-26T08:19:31Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-082239.json b/shared-context/findings/hyperpolymath-hypatia/20260526-082239.json new file mode 100644 index 00000000..c2ca1f93 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-082239.json @@ -0,0 +1,18 @@ +{ + "findings": [ + { + "reason": "Repository has 1 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "7d69b8ac144362a75c523d0b7e7d58d0eefe0c92", + "submitted_at": "2026-05-26T08:22:40Z", + "scanner_version": "hypatia-v2" + } +} 
diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-091531.json b/shared-context/findings/hyperpolymath-hypatia/20260526-091531.json new file mode 100644 index 00000000..ba2cb1ac --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-091531.json @@ -0,0 +1,18 @@ +{ + "findings": [ + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "9f4cc6ab45e728e9acf6a431004db7c08c3cff7e", + "submitted_at": "2026-05-26T09:15:33Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-092128.json b/shared-context/findings/hyperpolymath-hypatia/20260526-092128.json new file mode 100644 index 00000000..9b315ec7 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-092128.json @@ -0,0 +1,18 @@ +{ + "findings": [ + { + "reason": "Repository has 4 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "87da627ddc06326fe5e0a2209cc672c80b117a59", + "submitted_at": "2026-05-26T09:21:29Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-092336.json b/shared-context/findings/hyperpolymath-hypatia/20260526-092336.json new file mode 100644 index 00000000..018f65f4 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-092336.json 
@@ -0,0 +1,18 @@ +{ + "findings": [ + { + "reason": "Repository has 2 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "d89034e2ed86f88871bf117e9bdebf3ca56e8aa2", + "submitted_at": "2026-05-26T09:23:38Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-094753.json b/shared-context/findings/hyperpolymath-hypatia/20260526-094753.json new file mode 100644 index 00000000..0ac8601a --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-094753.json @@ -0,0 +1,18 @@ +{ + "findings": [ + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "4cfa11a4e2954a6a557021759457eacf2e5253b0", + "submitted_at": "2026-05-26T09:47:55Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-153933.json b/shared-context/findings/hyperpolymath-hypatia/20260526-153933.json new file mode 100644 index 00000000..0ebf0c1a --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-153933.json 
@@ -0,0 +1,26 @@ +{ + "findings": [ + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Scorecard): TokenPermissionsID -- Token-Permissions -- 0 day(s) old", + "type": "CSA001", + "file": ".github/workflows/hypatia-scan.yml", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "b375105ccfeb1b42b7b5b7f7fc7750249b562fa4", + "submitted_at": "2026-05-26T15:39:34Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-182053.json b/shared-context/findings/hyperpolymath-hypatia/20260526-182053.json new file mode 100644 index 00000000..d98dc8c1 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-182053.json @@ -0,0 +1,26 @@ +{ + "findings": [ + { + "reason": "Repository has 10 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Scorecard): TokenPermissionsID -- Token-Permissions -- 0 day(s) old", + "type": "CSA001", + "file": ".github/workflows/hypatia-scan.yml", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "7dd5ac1f0e429db9a758fe1e27f476db8835648a", + "submitted_at": "2026-05-26T18:20:55Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-204805.json b/shared-context/findings/hyperpolymath-hypatia/20260526-204805.json new file mode 100644 index 00000000..212463eb --- /dev/null 
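Review bot: The high-severity CSA001 record for `.github/workflows/hypatia-scan.yml` names the Scorecard check (`Token-Permissions`) but not the job or line it fired on, and `"action": "update"` does not say what to change. The same record appears unchanged in the later snapshots in this diff, up to the one that reports it as `1 day(s) old`, so the alert appears to stay open while snapshots keep being committed. The record would be more useful for triage if `reason` carried the alert's location and message. The fix itself lies outside this diff; for this check it is usually a least-privilege `permissions:` block in the workflow, such as `permissions: contents: read` at the top level, but that should be confirmed against the alert.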
+++ b/shared-context/findings/hyperpolymath-hypatia/20260526-204805.json @@ -0,0 +1,26 @@ +{ + "findings": [ + { + "reason": "Repository has 11 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Scorecard): TokenPermissionsID -- Token-Permissions -- 0 day(s) old", + "type": "CSA001", + "file": ".github/workflows/hypatia-scan.yml", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "165a64cb72161a25c85b553398ccdc171f4a1a18", + "submitted_at": "2026-05-26T20:48:07Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260526-233705.json b/shared-context/findings/hyperpolymath-hypatia/20260526-233705.json new file mode 100644 index 00000000..b9ab2f37 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260526-233705.json @@ -0,0 +1,26 @@ +{ + "findings": [ + { + "reason": "Repository has 13 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Scorecard): TokenPermissionsID -- Token-Permissions -- 0 day(s) old", + "type": "CSA001", + "file": ".github/workflows/hypatia-scan.yml", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "7b52083246750ac0e3213365fce936af0d424229", + "submitted_at": "2026-05-26T23:37:06Z", + "scanner_version": "hypatia-v2" + } +} 
diff --git a/shared-context/findings/hyperpolymath-hypatia/20260527-011433.json b/shared-context/findings/hyperpolymath-hypatia/20260527-011433.json new file mode 100644 index 00000000..7302b822 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260527-011433.json @@ -0,0 +1,26 @@ +{ + "findings": [ + { + "reason": "Repository has 13 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Scorecard): TokenPermissionsID -- Token-Permissions -- 0 day(s) old", + "type": "CSA001", + "file": ".github/workflows/hypatia-scan.yml", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "a2f3963f7d09979eca82856dcd821c15ff83601b", + "submitted_at": "2026-05-27T01:14:35Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260527-014655.json b/shared-context/findings/hyperpolymath-hypatia/20260527-014655.json new file mode 100644 index 00000000..4f33effa --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260527-014655.json 
@@ -0,0 +1,26 @@ +{ + "findings": [ + { + "reason": "Repository has 13 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Scorecard): TokenPermissionsID -- Token-Permissions -- 0 day(s) old", + "type": "CSA001", + "file": ".github/workflows/hypatia-scan.yml", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "bf54e411b831f24dd5800ec6408af7515ac715f8", + "submitted_at": "2026-05-27T01:46:56Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260527-032438.json b/shared-context/findings/hyperpolymath-hypatia/20260527-032438.json new file mode 100644 index 00000000..9d35b179 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260527-032438.json @@ -0,0 +1,26 @@ +{ + "findings": [ + { + "reason": "Repository has 13 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Scorecard): TokenPermissionsID -- Token-Permissions -- 0 day(s) old", + "type": "CSA001", + "file": ".github/workflows/hypatia-scan.yml", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "3f3d395c4d0eb5fee6ccdeea1d95b9bdd56dd1de", + "submitted_at": "2026-05-27T03:24:39Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260527-035841.json b/shared-context/findings/hyperpolymath-hypatia/20260527-035841.json new file mode 100644 index 00000000..bdbabd31 --- /dev/null 
+++ b/shared-context/findings/hyperpolymath-hypatia/20260527-035841.json @@ -0,0 +1,26 @@ +{ + "findings": [ + { + "reason": "Repository has 13 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Scorecard): TokenPermissionsID -- Token-Permissions -- 0 day(s) old", + "type": "CSA001", + "file": ".github/workflows/hypatia-scan.yml", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "b23d8440f9096ddc46698dad94ccfbef645754f2", + "submitted_at": "2026-05-27T03:58:43Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260527-053401.json b/shared-context/findings/hyperpolymath-hypatia/20260527-053401.json new file mode 100644 index 00000000..eba60c61 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260527-053401.json @@ -0,0 +1,26 @@ +{ + "findings": [ + { + "reason": "Repository has 13 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Scorecard): TokenPermissionsID -- Token-Permissions -- 0 day(s) old", + "type": "CSA001", + "file": ".github/workflows/hypatia-scan.yml", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "3bb08c19c6405428be6ee224a1453ca9ec73bca4", + "submitted_at": "2026-05-27T05:34:03Z", + "scanner_version": "hypatia-v2" + } +} 
diff --git a/shared-context/findings/hyperpolymath-hypatia/20260527-083400.json b/shared-context/findings/hyperpolymath-hypatia/20260527-083400.json new file mode 100644 index 00000000..94e506f5 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260527-083400.json @@ -0,0 +1,26 @@ +{ + "findings": [ + { + "reason": "Repository has 16 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Scorecard): TokenPermissionsID -- Token-Permissions -- 0 day(s) old", + "type": "CSA001", + "file": ".github/workflows/hypatia-scan.yml", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "c8d8c3c1e6387747b21b5be73f0f14f7f8236283", + "submitted_at": "2026-05-27T08:34:01Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260527-112447.json b/shared-context/findings/hyperpolymath-hypatia/20260527-112447.json new file mode 100644 index 00000000..2beeb167 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260527-112447.json 
@@ -0,0 +1,26 @@ +{ + "findings": [ + { + "reason": "Repository has 11 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Scorecard): TokenPermissionsID -- Token-Permissions -- 0 day(s) old", + "type": "CSA001", + "file": ".github/workflows/hypatia-scan.yml", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "df0a03774727e0b2a3d54a88c0dc8d24e71e315f", + "submitted_at": "2026-05-27T11:24:49Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260527-212922.json b/shared-context/findings/hyperpolymath-hypatia/20260527-212922.json new file mode 100644 index 00000000..ef3a12ce --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260527-212922.json 
@@ -0,0 +1,586 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Scorecard): TokenPermissionsID -- Token-Permissions -- 1 day(s) old", + "type": "CSA001", + "file": ".github/workflows/hypatia-scan.yml", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "99783cbf508e28c8e183781deccdeaecd6aeafef", + "submitted_at": "2026-05-27T21:29:23Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260527-214623.json b/shared-context/findings/hyperpolymath-hypatia/20260527-214623.json new file mode 100644 index 00000000..9aaf7d64 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260527-214623.json 
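Review bot: Every `workflow_audit` record in this hunk has `"type": "unknown"` and a `reason` of the form `"Issue in <file>"`, so the rule that fired and its message are lost; the eight `ci.yml` records, for example, are indistinguishable from each other. These entries cannot be triaged, deduplicated or tracked across snapshots, and at `"severity": "medium"` they bury the GS007 and CSA001 records at the end of the list. The producer should put the rule id in `type` and the rule's message in `reason`, and should probably refuse to emit a finding whose rule id it cannot resolve. `file` is also a bare name here (`"file": "ci.yml"`), while the CSA001 record in the same document uses the repository-relative form; `"file": ".github/workflows/ci.yml"` would match it. The next file in the diff appears to repeat the same records.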
@@ -0,0 +1,586 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Scorecard): TokenPermissionsID -- Token-Permissions -- 1 day(s) old", + "type": "CSA001", + "file": ".github/workflows/hypatia-scan.yml", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "be4576e47b901e4462720542bca8f49528ea9223", + "submitted_at": "2026-05-27T21:46:25Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-001550.json b/shared-context/findings/hyperpolymath-hypatia/20260528-001550.json new file mode 100644 index 00000000..094090b8 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-001550.json 
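Review bot: Every `workflow_audit` record in the added `20260527-214623.json` has `"type": "unknown"` and a `reason` of the form `"Issue in <workflow>.yml"`. The many entries for `security-policy.yml`, `release.yml` and the other workflows are therefore byte-identical, and cannot be triaged, deduplicated or compared between snapshots. The `GS007` and `CSA001` records in the same file show the shape to aim for. The workflow records should carry the rule id and the concrete message, e.g. `"type": "<rule id>", "reason": "<rule message and location>"` (placeholders), and exact duplicates should be collapsed before the file is committed. The same applies to the `20260528-001550.json` hunk, which appears to repeat this list unchanged. That repeat includes the high-severity Token-Permissions alert on `.github/workflows/hypatia-scan.yml`, so that alert looks to be still open and is the one item here with enough detail to act on.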
@@ -0,0 +1,586 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Scorecard): TokenPermissionsID -- Token-Permissions -- 1 day(s) old", + "type": "CSA001", + "file": ".github/workflows/hypatia-scan.yml", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "9ff95b49c1fcfe284bb4c5a866be5e4e502c81fe", + "submitted_at": "2026-05-28T00:15:53Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-005433.json b/shared-context/findings/hyperpolymath-hypatia/20260528-005433.json new file mode 100644 index 00000000..1571ab2f --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-005433.json 
@@ -0,0 +1,586 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 2 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Scorecard): TokenPermissionsID -- Token-Permissions -- 1 day(s) old", + "type": "CSA001", + "file": ".github/workflows/hypatia-scan.yml", + "action": "update", + "rule_module": "code_scanning_alerts", + "severity": "high" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "22ef9f3d86ac9ea81c6a6dc23e87aaeb6e541515", + "submitted_at": "2026-05-28T00:54:35Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-073741.json b/shared-context/findings/hyperpolymath-hypatia/20260528-073741.json new file mode 100644 index 00000000..f98b41d3 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-073741.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 4 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "ed84f6a389493a45c38653db96babfa931adc322", + "submitted_at": "2026-05-28T07:37:43Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-073830.json b/shared-context/findings/hyperpolymath-hypatia/20260528-073830.json new file mode 100644 index 00000000..dbb77a83 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-073830.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 2 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "e240a9fb7b0779c3d49de7807a1d021c06dc121a", + "submitted_at": "2026-05-28T07:38:33Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-090641.json b/shared-context/findings/hyperpolymath-hypatia/20260528-090641.json new file mode 100644 index 00000000..61732d2b --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-090641.json 
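Review bot: The `workflow_audit` entries in this file carry no triage information: each has `"type": "unknown"` and a reason of the form `"Issue in ci.yml"`, so the eight ci.yml objects at the top of the hunk are byte-identical and cannot be told apart, deduplicated or tracked from one scan to the next. The `code_scanning_alerts` entries further down carry the reason `hypatia/workflow_audit/unknown`, which suggests the scanner is reading back its own uploaded alerts and reporting the same workflow issues a second time as `CSA001`; if so, the `CSA002` open-alert total is inflated by the same loop. I would have the producer emit the concrete rule id and a location per finding, for example `"type": "<rule id>", "line": <line number>`, and skip code-scanning alerts whose tool is Hypatia itself. The same pattern repeats in 20260528-090641.json, whose hunk starts right after this one.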
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 4 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "436934e00cd6ed749bbf41a000ecc7b03b3c4423", + "submitted_at": "2026-05-28T09:06:42Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-090703.json b/shared-context/findings/hyperpolymath-hypatia/20260528-090703.json new file mode 100644 index 00000000..c678cd5b --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-090703.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 2 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "3fab64a068f0ee0b33b972949c325dcf885b6a68", + "submitted_at": "2026-05-28T09:07:04Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-102834.json b/shared-context/findings/hyperpolymath-hypatia/20260528-102834.json new file mode 100644 index 00000000..f57bb7a6 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-102834.json 
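Review bot: Most entries in the 20260528-090703.json findings file cannot be triaged: every workflow_audit finding has `"type": "unknown"` and a reason of the form `"Issue in ci.yml"`, with no rule id, line or message, so the repeated entries for one workflow (for example the eight for ci.yml) are identical and indistinguishable. The CSA001 entries further down name `hypatia/workflow_audit/unknown` as their source, so they appear to list the same workflow_audit issues a second time in the same file; this is inferred from the reason strings, not shown by the hunk. Before committing such snapshots I would have the producer record the concrete rule and location in each finding, e.g. `"type": "<rule-id>", "line": <line-number>` (placeholders, not existing fields), and merge exact duplicates. The same pattern is visible in the neighbouring findings files of this diff, whose hunks start or end outside the visible part.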
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "e00725e8caff606395926bd9c92f8a097304ddd7", + "submitted_at": "2026-05-28T10:28:36Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-102840.json b/shared-context/findings/hyperpolymath-hypatia/20260528-102840.json new file mode 100644 index 00000000..2e9a13e5 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-102840.json 
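Review bot: The workflow_audit records in 20260528-102834.json cannot be triaged as written: each one carries `"type": "unknown"` and a reason of the form `"reason": "Issue in ci.yml"`, with no rule identifier, line or message, so the eight ci.yml entries are byte-identical to one another. The CSA001 records name `hypatia/workflow_audit/unknown` as their source, which suggests the same findings are being read back through the code-scanning feed and counted a second time toward the `30 total open code-scanning alert(s)` reported by CSA002; that is inferred from the strings, not shown by the diff. Before snapshots like this are committed, the producer should record which check fired and where, and identical records should be collapsed into one entry with a count. The file added next, 20260528-102840.json, is stamped six seconds later and repeats the same records as far as it is visible here, differing in the GS007 branch count (3 versus 2).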
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 2 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "a0f75e4ac512be5534a00255a90ab8c1d5646084", + "submitted_at": "2026-05-28T10:28:41Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-110227.json b/shared-context/findings/hyperpolymath-hypatia/20260528-110227.json new file mode 100644 index 00000000..2a217b8b --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-110227.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 4 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "6690f03e1e16c4dd14c7c037ad2a580f3dea8611", + "submitted_at": "2026-05-28T11:02:28Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-131620.json b/shared-context/findings/hyperpolymath-hypatia/20260528-131620.json new file mode 100644 index 00000000..2ce02987 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-131620.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 2 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "8e0030726e09e202a2818906ac9f731ea1d9b994", + "submitted_at": "2026-05-28T13:16:22Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-132512.json b/shared-context/findings/hyperpolymath-hypatia/20260528-132512.json new file mode 100644 index 00000000..187a92c9 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-132512.json 
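Review bot: The `workflow_audit` entries in 20260528-131620.json cannot be triaged as recorded: each carries only `"reason": "Issue in ci.yml"` and `"type": "unknown"`, so the eight ci.yml entries (and the repeated ones for the other workflows) are identical and name no rule, line or job to act on. The producer should emit a specific rule identifier and a location per finding, or collapse identical entries into one with a count. The `CSA001` entries whose reason reads `hypatia/workflow_audit/unknown` look like the same findings re-ingested from code scanning (the six tests.yml alerts match the six tests.yml audit entries), which would count each issue twice and inflate the `CSA002` total of 30. Confirm this against the scanner and, if so, exclude its own alerts from that rule. The 20260528-132512.json hunk that follows repeats the same entries and continues past the visible part of the page.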
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "47694f7ecacff6d03c973405a07839e139b72de4", + "submitted_at": "2026-05-28T13:25:14Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-132526.json b/shared-context/findings/hyperpolymath-hypatia/20260528-132526.json new file mode 100644 index 00000000..738ba4cb --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-132526.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 2 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "964112572a2842a44e3176393d20141a888b42ca", + "submitted_at": "2026-05-28T13:25:27Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-133213.json b/shared-context/findings/hyperpolymath-hypatia/20260528-133213.json new file mode 100644 index 00000000..73b970fc --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-133213.json 
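Review bot: The `workflow_audit` entries in `20260528-132526.json` cannot be triaged as recorded: every one has `"type": "unknown"` and a reason of the form `"Issue in ci.yml"`, and byte-identical objects repeat (eight for `ci.yml` alone) with no rule id, line or fingerprint to tell them apart. The `CSA001` entries name the rule `hypatia/workflow_audit/unknown`, so they appear to be the scanner's own `workflow_audit` alerts read back from code scanning, which would report one underlying issue twice in the same findings list. Since the file is generated, the fix belongs in the emitter: resolve the rule id before writing and add a location, e.g. `"type": "<RULE_ID>", "line": <LINE_NUMBER>` (placeholders), and drop or cross-reference `CSA001` records whose source is Hypatia itself. The same pattern is visible in `20260528-133213.json`, whose hunk starts right after this one.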
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 4 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "e704c44b2e0aa37ae11a6c00224b79cab47e7151", + "submitted_at": "2026-05-28T13:32:16Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-133301.json b/shared-context/findings/hyperpolymath-hypatia/20260528-133301.json new file mode 100644 index 00000000..5139c378 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-133301.json 
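Review bot: The `workflow_audit` entries in this file cannot be triaged, because each one is `"type": "unknown"` with a reason of the form `"reason": "Issue in ci.yml"` and no rule identifier, line or job, and the same object is repeated verbatim several times for `ci.yml`, `security-policy.yml` and other workflows. The `CSA001` entries further down name `hypatia/workflow_audit/unknown` as their source, so they look like the scanner's own uploaded alerts read back from code scanning, which would count each workflow issue twice and feed the `CSA002` total of 30; this is inferred from the reason strings only. Before findings like these are committed to shared context, the producer (not visible in this diff) should emit the concrete rule id and location for each finding, de-duplicate on file, rule and location, and skip code-scanning alerts whose tool is Hypatia itself. Unclassified medium-severity entries at this volume make it easy to overlook a real workflow finding.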
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 5 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "abab26bd97f2979d46015a56eed3b06599caa37f", + "submitted_at": "2026-05-28T13:33:03Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-133400.json b/shared-context/findings/hyperpolymath-hypatia/20260528-133400.json new file mode 100644 index 00000000..48736cb7 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-133400.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "c9fd28fe450135ee95b4d57da19955b21dc66077", + "submitted_at": "2026-05-28T13:34:02Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-133932.json b/shared-context/findings/hyperpolymath-hypatia/20260528-133932.json new file mode 100644 index 00000000..def48619 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-133932.json 
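Review bot: The workflow_audit entries in 20260528-133400.json cannot be triaged or de-duplicated: each carries only `"type": "unknown"` and a generic reason such as `"reason": "Issue in ci.yml"`, with no rule id, line or fingerprint, and byte-identical objects repeat (eight for ci.yml alone). The CSA001 entries whose reason reads `hypatia/workflow_audit/unknown` look like the scanner's own workflow_audit alerts read back from code scanning, so the same issue is probably counted twice and feeds the CSA002 total of 30. I would have the producer emit a concrete rule identifier and location per finding and collapse exact duplicates before a snapshot is committed. Separately, `"action": "delete_remote_branches"` on GS007 is destructive; if any consumer acts on `action` automatically (not visible here), that value should be gated on human confirmation. The same pattern appears in the tail of the preceding file and in the start of 20260528-133932.json.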
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 5 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "29002339a2b31eddad9628098eafbc67e08f1ed2", + "submitted_at": "2026-05-28T13:39:33Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-134041.json b/shared-context/findings/hyperpolymath-hypatia/20260528-134041.json new file mode 100644 index 00000000..ce8cf9d6 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-134041.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 5 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "13abd560eeb056af5713f0a9e264d00eb7f1cc33", + "submitted_at": "2026-05-28T13:40:43Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-134738.json b/shared-context/findings/hyperpolymath-hypatia/20260528-134738.json new file mode 100644 index 00000000..df6419df --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-134738.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "524f754100b42d2a2b5890706b8510b5d66a715d", + "submitted_at": "2026-05-28T13:47:40Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-134944.json b/shared-context/findings/hyperpolymath-hypatia/20260528-134944.json new file mode 100644 index 00000000..8292a2e8 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-134944.json 
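Review bot: The `workflow_audit` records in this new findings file cannot be triaged or de-duplicated: the eight records for `ci.yml` are identical to one another, each with `"type": "unknown"` and `"reason": "Issue in ci.yml"`, and the records for `security-policy.yml`, `tests.yml` and the other workflows repeat in the same way. Each record should carry the rule identifier and a location inside the workflow in place of `"type": "unknown"`, so that a reader can tell distinct problems from repeats of one problem. The `CSA001` records whose reason is `hypatia/workflow_audit/unknown` appear to re-report those same findings as code-scanning alerts, which would inflate the `CSA002` total of 30; this is inferred from the reason strings and should be confirmed against the scanner. The findings records visible before this hunk and the file that starts after it (`20260528-134944.json`) show the same pattern.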
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 5 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "78a9991f378c9854b7283ca46d469eb7913e1787", + "submitted_at": "2026-05-28T13:49:46Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-143718.json b/shared-context/findings/hyperpolymath-hypatia/20260528-143718.json new file mode 100644 index 00000000..a8a92e87 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-143718.json 
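Review bot: The `workflow_audit` records in this findings file cannot be triaged or de-duplicated: eight entries for `ci.yml` are identical (`"reason": "Issue in ci.yml"`, `"type": "unknown"`), with no rule id, line or job name to tell them apart, and the other workflow files repeat the pattern. Each record should carry the rule that fired and a location, e.g. `"type": "<RULE_ID>"` and `"line": <LINE_NUMBER>` (placeholders), so a consumer can key on them and tell a new issue from a repeat. The `CSA001` records whose reason is `hypatia/workflow_audit/unknown` appear to be the same findings read back from code scanning, which would count each issue twice and feed the `CSA002` total of 30; if so, the producer should skip its own alerts or link the two records. As this file is scanner output, the fix belongs in the producer rather than in the committed JSON.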
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 6 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "6fbfececabb178b0bd42d0b28c4f0934047675ce", + "submitted_at": "2026-05-28T14:37:21Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-144232.json b/shared-context/findings/hyperpolymath-hypatia/20260528-144232.json new file mode 100644 index 00000000..75d80f90 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-144232.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 7 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "4d44a1d8c7eac28e419142cd374cdeb281b333b9", + "submitted_at": "2026-05-28T14:42:33Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-145038.json b/shared-context/findings/hyperpolymath-hypatia/20260528-145038.json new file mode 100644 index 00000000..c1870f17 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-145038.json 
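Review bot: The workflow_audit records in this file cannot be triaged or de-duplicated: each carries only `"type": "unknown"` and a reason of the form `"Issue in security-policy.yml"`, with no rule identifier, line or step, and the same object is repeated byte-for-byte many times for one workflow file. The scanner should emit the rule that fired and a location, for example `"type": "<rule id>", "line": <line number>` (placeholder values), and drop exact duplicates before submission. The later CSA001 entries appear to be the same workflow_audit alerts read back from code scanning (`hypatia/workflow_audit/unknown`), so the CSA002 total of 30 open alerts likely counts the scanner's own output; confirm whether that feedback loop is intended. The visible parts of 20260526-011343.json and 20260528-145038.json show the same pattern.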
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 8 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "5fae4da9feef43007b8786b1b6501dc164b0ef36", + "submitted_at": "2026-05-28T14:50:40Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-145813.json b/shared-context/findings/hyperpolymath-hypatia/20260528-145813.json new file mode 100644 index 00000000..e118fa08 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-145813.json 
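Review bot: The `workflow_audit` entries in this findings file cannot be triaged as written: every one carries `"type": "unknown"` and a reason of the form `"Issue in ci.yml"`, and the entries for a given workflow are byte-identical, so a reader cannot tell several distinct problems from one problem emitted repeatedly. Each entry should name the rule that fired and where, for example `"type": "<RULE_ID>"` plus a location field such as `"line": <LINE>` (both placeholders; `line` is a suggested field, not part of the visible schema). The `CSA001` entries later in the same array look like the same results read back from code scanning (`hypatia/workflow_audit/unknown`), which would count each underlying issue twice and feed the `CSA002` total of 30. That is inferred from the reason strings and should be confirmed in the scanner. A stable per-finding fingerprint would let consumers deduplicate both cases before a severity is assigned.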
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 9 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "0b5f912dc9557f6cffb8004cfe4bb3c1772d3729", + "submitted_at": "2026-05-28T14:58:14Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-150519.json b/shared-context/findings/hyperpolymath-hypatia/20260528-150519.json new file mode 100644 index 00000000..a805e165 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-150519.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 10 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "9007d8bbe07bb22fc230b058f4701f35b34e51a3", + "submitted_at": "2026-05-28T15:05:20Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-151602.json b/shared-context/findings/hyperpolymath-hypatia/20260528-151602.json new file mode 100644 index 00000000..4b5083eb --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-151602.json 
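Review bot: The `workflow_audit` records in `20260528-150519.json` cannot be triaged as written: each one carries `"type": "unknown"` and a `reason` of the form `"Issue in ci.yml"`, and the same record is repeated byte-for-byte for a single workflow (`ci.yml`, `security-policy.yml`, `tests.yml`). A consumer therefore cannot tell distinct problems from duplicates, and nothing says which rule fired or where. The `CSA001` records further down re-report alerts named `hypatia/workflow_audit/unknown`, which looks like the scanner ingesting its own earlier output, so the `CSA002` total of 30 may count the same issues a second time. I would have the producer put the rule id in `type`, add a line or job locator next to `file`, and drop exact duplicates before submission. The `20260528-151602.json` hunk that follows has the same shape, and its content continues past the end of this view.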
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 11 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "95e3c28937b43e7ce1147ebf1905ba106bd1c132", + "submitted_at": "2026-05-28T15:16:03Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-154303.json b/shared-context/findings/hyperpolymath-hypatia/20260528-154303.json new file mode 100644 index 00000000..973cb4b1 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-154303.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 10 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "e246bec89d8e898475b16c9e3e4060d11ce2d141", + "submitted_at": "2026-05-28T15:43:05Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-154309.json b/shared-context/findings/hyperpolymath-hypatia/20260528-154309.json new file mode 100644 index 00000000..eca9f1f4 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-154309.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 9 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "9ed7a7ed3955bb2ff543ed873c5660f2613cf166", + "submitted_at": "2026-05-28T15:43:11Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-154333.json b/shared-context/findings/hyperpolymath-hypatia/20260528-154333.json new file mode 100644 index 00000000..7698aa89 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-154333.json 
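Review bot: The workflow_audit records in 20260528-154309.json carry no usable detail: every one has `"type": "unknown"` and a reason of the form `"Issue in ci.yml"`, and the same object repeats verbatim (eight times for ci.yml alone), so a triager can neither tell the findings apart nor deduplicate them. The findings files on either side of this one in the diff show the same pattern. The CSA001 records further down name `hypatia/workflow_audit/unknown` as their source, which suggests the scanner is re-ingesting its own workflow_audit alerts and counting them again in the CSA002 total of 30; this should be confirmed against the emitter. The fix belongs in the scanner rather than in this generated file: each record should carry the matched rule id and a location, for example `"type": "<RULE_ID>", "line": <LINE>, "reason": "<what the rule matched>"` (placeholders), and the consumer should quarantine records whose type is `unknown`. If any consumer executes `"action": "delete_remote_branches"` automatically, it should sit behind an explicit confirmation step, because a finding this thin is not enough evidence for a destructive action.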
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 10 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "09a907407c57d2101e08f44a61d296de0d673677", + "submitted_at": "2026-05-28T15:43:35Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-154338.json b/shared-context/findings/hyperpolymath-hypatia/20260528-154338.json new file mode 100644 index 00000000..bce20c14 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-154338.json 
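Review bot: The workflow_audit records in the 20260528-154333.json findings cannot be triaged as written: every one has `"type": "unknown"` and a `"reason"` of the form `"Issue in ci.yml"`, with no rule id, line or message, and many are byte-identical (the ci.yml record appears eight times). The CSA001 records further down name `hypatia/workflow_audit/unknown` as their source, so they appear to be the same alerts read back from code scanning, which would count each issue twice and feed the CSA002 total of 30. I would have the emitter fill `type` and `reason` from the rule that fired (for example `"type": "<RULE_ID>"`, a placeholder here) and collapse identical records before the file is committed. The CSA001 echoes of Hypatia's own alerts should either be dropped or marked as re-imports so downstream counts stay honest.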
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 10 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "462e5d6064f4b7e105e2943984c1e01a771a1470", + "submitted_at": "2026-05-28T15:43:41Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-154358.json b/shared-context/findings/hyperpolymath-hypatia/20260528-154358.json new file mode 100644 index 00000000..8bd892c3 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-154358.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 10 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "0eadab5d1028be829b333c3e7284bb95fd2efdcc", + "submitted_at": "2026-05-28T15:43:59Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-154452.json b/shared-context/findings/hyperpolymath-hypatia/20260528-154452.json new file mode 100644 index 00000000..239d267f --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-154452.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 10 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "5386aa8abe5df1e9a10fb8b96aa89f7a56a9818f", + "submitted_at": "2026-05-28T15:44:54Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-164549.json b/shared-context/findings/hyperpolymath-hypatia/20260528-164549.json new file mode 100644 index 00000000..7a4686f5 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-164549.json 
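Review bot: The `workflow_audit` records added in `20260528-154452.json` cannot be triaged as written, because each one carries `"type": "unknown"` and a reason such as `"Issue in ci.yml"` with no rule identifier, line or message, so the repeated entries for one workflow file are indistinguishable from each other. The `CSA001` records, whose reason is `hypatia/workflow_audit/unknown`, look like the same scanner's alerts read back from code scanning, so each underlying issue may be counted twice and feed the `CSA002` "30 total open" total; this is inferred from the reason strings and should be confirmed against the scanner. Before such a file is committed as shared context, each finding should name the specific rule and location it refers to, for example `"type": "<rule id>"` with a line or job reference, and self-referential alerts should be de-duplicated. The next file in this diff, `20260528-164549.json`, repeats the same pattern.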
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 8 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "ec44d75123beca4951050523cd92144f9cf0c85e", + "submitted_at": "2026-05-28T16:45:51Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-164555.json b/shared-context/findings/hyperpolymath-hypatia/20260528-164555.json new file mode 100644 index 00000000..edd5c988 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-164555.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 9 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "3dfe38de25e9034bb85e4ba16c0092be2db156b0", + "submitted_at": "2026-05-28T16:45:56Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-165001.json b/shared-context/findings/hyperpolymath-hypatia/20260528-165001.json new file mode 100644 index 00000000..704f9733 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-165001.json 
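Review bot: The workflow_audit records added in 20260528-164555.json cannot be triaged as written: each one has `"type": "unknown"` and a reason of the form `"Issue in ci.yml"`, and the repeated entries for one workflow (for example the run for security-policy.yml) are byte-identical, so nothing records which rule fired or where. Each record should carry a rule identifier and a location, e.g. `"type": "<RULE_ID>"` and `"line": <LINE_NUMBER>` (placeholders; `line` is a suggested field, not part of the visible schema), so that duplicates can be told apart or collapsed. The CSA001 records whose reason names `hypatia/workflow_audit/unknown` look like the same alerts read back from code scanning, which would count each issue twice towards the "30 total open code-scanning alert(s)" summary; this is inferred from the reason strings and should be confirmed in the scanner. The same pattern shows in the file section that ends just before this one and in the visible start of the 20260528-165001.json hunk.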
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 7 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "c0d01a52b20dd563c536e60cd35e66846f340b07", + "submitted_at": "2026-05-28T16:50:02Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-165030.json b/shared-context/findings/hyperpolymath-hypatia/20260528-165030.json new file mode 100644 index 00000000..ae2a3c3a --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-165030.json 
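Review bot: The workflow_audit findings recorded in 20260528-165001.json cannot be triaged as written: each carries only `"type": "unknown"` and a `"reason"` such as `"Issue in ci.yml"`, with no rule id or line, so the eight ci.yml entries are byte-identical and cannot be told apart or tracked to closure. The CSA001 entries further down are all labelled `hypatia/workflow_audit/unknown`, which suggests they are the scanner's own workflow_audit alerts read back from code scanning; if so, the same issues are recorded twice in one file and the CSA002 total of 30 is partly self-generated, which is worth confirming before anyone acts on that count. I would have the producer put the specific rule id in `"type"`, add a location next to `"file"`, and reject or de-duplicate findings whose rule resolves to `unknown`. The same pattern is visible in the 20260528-165030.json hunk that follows.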
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 8 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "e39662321bb3e23f488ec7ae36cf0d2809ca3c48", + "submitted_at": "2026-05-28T16:50:31Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-183335.json b/shared-context/findings/hyperpolymath-hypatia/20260528-183335.json new file mode 100644 index 00000000..58ce0435 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-183335.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 6 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "2a2198d626a0013eb65319a5099bbf62604b94db", + "submitted_at": "2026-05-28T18:33:37Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-183346.json b/shared-context/findings/hyperpolymath-hypatia/20260528-183346.json new file mode 100644 index 00000000..ae05ee20 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-183346.json 
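Review bot: In `20260528-183335.json`, every `workflow_audit` entry has `"type": "unknown"` and a reason of the form `Issue in <file>`, and many entries (for example those for `security-policy.yml`) are identical objects, so a consumer can neither triage nor de-duplicate them. The record should carry the rule identifier and a location before it is committed as shared context, e.g. `"type": "<RULE_ID>", "line": <LINE>` (placeholders; the producer's real field names are not visible here). The `CSA001` entries whose reason is `hypatia/workflow_audit/unknown` appear to re-report the same scanner's own workflow_audit output, which would count each issue twice and inflate the `CSA002` total of 30; this is inferred from the reason strings only. The `GS007` entry carries `"action": "delete_remote_branches"`; if anything downstream acts on `action` automatically, a destructive action like this should require explicit confirmation rather than be driven from this file.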
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 7 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "ef243fead2ae84fbd7addbbbe773c8e39fe77c0e", + "submitted_at": "2026-05-28T18:33:49Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-183351.json b/shared-context/findings/hyperpolymath-hypatia/20260528-183351.json new file mode 100644 index 00000000..f894f411 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-183351.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 7 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "6bf6cf7bf1bb244127f4047a97a1c83e94ff05f3", + "submitted_at": "2026-05-28T18:33:52Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-183403.json b/shared-context/findings/hyperpolymath-hypatia/20260528-183403.json new file mode 100644 index 00000000..4818978a --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-183403.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 7 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "5a0f7fb35f126656c1f69fc87d08ecf811797b44", + "submitted_at": "2026-05-28T18:34:06Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-191031.json b/shared-context/findings/hyperpolymath-hypatia/20260528-191031.json new file mode 100644 index 00000000..a709fe3d --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-191031.json 
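Review bot: The `workflow_audit` records in this file cannot be triaged or de-duplicated, because each one carries only `"type": "unknown"` and a reason such as `"reason": "Issue in ci.yml"`, so the eight `ci.yml` entries at the top of the hunk are byte-identical. Each record should name the rule that fired and where, for example `"type": "<rule-id>", "line": <line-number>` (placeholders, not values from this scan). The `CSA001` entries whose reason is `hypatia/workflow_audit/unknown` look like the same findings read back from code scanning, so one issue is apparently stored twice, once with `"action": "flag"` and once with `"action": "review"`; if that is the case, the scanner should skip alerts it produced itself. The same pattern shows in the neighbouring findings files, whose hunks start or end outside this view.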
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 5 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "9b0875f2532eadb9e4f07219d8f8f175e4572c8a", + "submitted_at": "2026-05-28T19:10:33Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-191053.json b/shared-context/findings/hyperpolymath-hypatia/20260528-191053.json new file mode 100644 index 00000000..b910df3a --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-191053.json 
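Review bot: The `workflow_audit` records at the top of this file cannot be triaged as written: each has `"type": "unknown"` and a reason of the form `"Issue in ci.yml"`, so the eight ci.yml entries are identical and say nothing about which rule fired or where in the workflow. The `CSA001` records further down (`hypatia/workflow_audit/unknown`) look like the same findings re-ingested as code-scanning alerts, so each underlying issue is probably counted twice and inflates the `CSA002` total of 30; this is inferred from the matching file names and should be confirmed against the producer. I would have the producer emit a specific rule id and a location per record, for example `"type": "<rule-id>", "line": <line-number>` (placeholders), and collapse exact duplicates before the file is committed. Separately, the GS007 record carries `"action": "delete_remote_branches"`, which is destructive; the consumer of `action` is not visible here, but if anything acts on it automatically that value should require explicit confirmation.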
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 6 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "cb77b4ca70171b4292a05b9e1a78469f05cdb30a", + "submitted_at": "2026-05-28T19:10:56Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-201219.json b/shared-context/findings/hyperpolymath-hypatia/20260528-201219.json new file mode 100644 index 00000000..673bfa99 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-201219.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 4 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "8e042e66fd59ad033b19d83727079228b78f910e", + "submitted_at": "2026-05-28T20:12:22Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-201621.json b/shared-context/findings/hyperpolymath-hypatia/20260528-201621.json new file mode 100644 index 00000000..86712573 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-201621.json 
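Review bot: Most findings in this new file cannot be triaged or de-duplicated: the `workflow_audit` entries carry `"type": "unknown"` and a reason of the form `"Issue in ci.yml"`, with no rule id, line or message, and several are exact repeats for the same workflow (ci.yml, security-policy.yml, tests.yml). The `CSA001` entries then report `hypatia/workflow_audit/unknown` alerts again, so the scanner appears to be ingesting its own output and each workflow issue is likely counted twice; that also makes the `CSA002` summary of 30 open alerts hard to interpret. Before committing these snapshots I would have the producer emit the concrete rule identifier and a location per finding (for example added `rule_id` and `line` fields; the names are only a suggestion) and collapse exact duplicates. The tail of 20260526-011343.json and the start of 20260528-201621.json on this page show the same pattern.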
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 5 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "53c04850ecde52d20b68e171774e05249a181cfe", + "submitted_at": "2026-05-28T20:16:23Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-201906.json b/shared-context/findings/hyperpolymath-hypatia/20260528-201906.json new file mode 100644 index 00000000..556ebbb2 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-201906.json 
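Review bot: The `workflow_audit` entries in 20260528-201621.json, from the first `ci.yml` finding to the last `tests.yml` one, all carry `"type": "unknown"` and a reason of the form `"Issue in ci.yml"`, with no rule id or line. Repeated entries for the same workflow are therefore byte-identical and cannot be triaged, deduplicated or tracked from one scan to the next. The `CSA001` entries further down name `hypatia/workflow_audit/unknown` as their source, which suggests the scanner is re-ingesting its own workflow_audit alerts; if so, each problem is counted twice and the `CSA002` total of 30 is inflated. I would have the producer emit the matched rule and location on every finding, e.g. `"type": "<RULE_ID>", "line": <LINE>` (placeholders), and exclude Hypatia-originated alerts from the `code_scanning_alerts` module. The next file added, 20260528-201906.json, shows the same pattern from its first entry, and its hunk continues beyond the visible part of the page.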
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": "codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": "mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": 
"medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": 
"unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue 
in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + 
"file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 5 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + 
"rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "a2b1446291cf1ed5abd668d62c356cf267d628bf", + "submitted_at": "2026-05-28T20:19:07Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-202042.json b/shared-context/findings/hyperpolymath-hypatia/20260528-202042.json new file mode 100644 index 00000000..b98c5c01 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-202042.json 
@@ -0,0 +1,834 @@ +{ + "findings": [ + { + "reason": "Action urin 21 JRE\n uses: actions/setup-java@be666c2fcd27 needs attention", + "type": "unpinned_action", + "file": "verify-proofs.yml", + "action": "pin_sha", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": 
"codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": 
"mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + 
"type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, 
+ { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + 
"severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 4 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": 
"code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "8494494610ca71c8ae508fd879eda43a32053c2e", + "submitted_at": "2026-05-28T20:20:43Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-202046.json b/shared-context/findings/hyperpolymath-hypatia/20260528-202046.json new file mode 100644 index 00000000..f68e0c21 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-202046.json 
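Review bot: The first record of this hunk is typed `unpinned_action` with action `pin_sha`, but its `reason` holds a truncated step-name fragment and an embedded `\n` ahead of `uses: actions/setup-java@be666c2fcd27`. That suggests the scanner's match ran across two workflow lines, and the ref shown looks like an abbreviated commit hash, so the finding may be a false positive. Check it against verify-proofs.yml before acting on it, and if it stands, regenerate it with a single-line reason such as `"reason": "actions/setup-java@be666c2fcd27 is not pinned to a full commit SHA"`. Most of the remaining records are byte-identical `"type": "unknown"` entries whose reason is only `"Issue in ci.yml"` (and likewise for the other workflows), with no rule id, line number or detail, so they cannot be triaged or de-duplicated; each should name the rule that fired and a location, or be collapsed to one record per file with a count. The `CSA001` records then appear to re-report the scanner's own `hypatia/workflow_audit/unknown` alerts, so the same issues are probably counted twice, including in the `CSA002` total of 30.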
@@ -0,0 +1,834 @@ +{ + "findings": [ + { + "reason": "Action urin 21 JRE\n uses: actions/setup-java@be666c2fcd27 needs attention", + "type": "unpinned_action", + "file": "verify-proofs.yml", + "action": "pin_sha", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": 
"codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": 
"mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + 
"type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, 
+ { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + 
"severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": 
"code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "rust.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "a5c471b031292b7d055eb05db21be24fc1b2471d", + "submitted_at": "2026-05-28T20:20:48Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-202430.json b/shared-context/findings/hyperpolymath-hypatia/20260528-202430.json new file mode 100644 index 00000000..415aed08 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-202430.json 
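Review bot: The first finding in this file has a `reason` that reads like a mangled capture from the workflow YAML (`Action urin 21 JRE\n uses: actions/setup-java@be666c2fcd27 needs attention`). It carries what is presumably a fragment of the step name plus an embedded newline, and the ref is only 12 hex characters, so it is unclear whether the workflow uses an abbreviated SHA or the scanner truncated a full one. I would have the record state the action and the problem only, e.g. `"reason": "actions/setup-java@be666c2fcd27 is not pinned to a full 40-character commit SHA"`. The `workflow_audit` entries after it are all `"type": "unknown"` with `"reason": "Issue in <file>"` and no rule id or line, so the repeated entries for ci.yml, security-policy.yml and the others are byte-identical and cannot be triaged, deduplicated or checked against the `30 total open code-scanning alert(s)` summary. The same content recurs in the 20260528-202430.json hunk that follows, which points at the scanner's output rather than at this one submission.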
@@ -0,0 +1,834 @@ +{ + "findings": [ + { + "reason": "Action urin 21 JRE\n uses: actions/setup-java@be666c2fcd27 needs attention", + "type": "unpinned_action", + "file": "verify-proofs.yml", + "action": "pin_sha", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": 
"codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": 
"mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + 
"type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, 
+ { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + 
"severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 2 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unpinned_action -- Hypatia workflow_audit: unpinned_action -- 0 day(s) old", + "type": "CSA001", + "file": "verify-proofs.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "scorecard.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "30 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "6b0a8589fd9a1f5cadfb5730b13fb7d39bca31d5", + "submitted_at": "2026-05-28T20:24:31Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-202820.json b/shared-context/findings/hyperpolymath-hypatia/20260528-202820.json new file mode 100644 index 00000000..5f6a5b78 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-202820.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Action urin 21 JRE\n uses: actions/setup-java@be666c2fcd27 needs attention", + "type": "unpinned_action", + "file": "verify-proofs.yml", + "action": "pin_sha", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": 
"codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": 
"mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + 
"type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, 
+ { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + 
"severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 2 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unpinned_action -- Hypatia workflow_audit: unpinned_action -- 0 day(s) old", + "type": "CSA001", + "file": "verify-proofs.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "29 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "8e55097a89ffc00022b603f0df8187c2967bb835", + "submitted_at": "2026-05-28T20:28:22Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-203355.json b/shared-context/findings/hyperpolymath-hypatia/20260528-203355.json new file mode 100644 index 00000000..daa4d33a --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-203355.json 
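Review bot: The `workflow_audit` entries in this new findings file cannot be triaged or de-duplicated, because a long run of objects for `security-policy.yml` (and likewise `tests.yml`, `ci.yml`, `release.yml`) are byte-identical: `"type": "unknown"`, `"reason": "Issue in security-policy.yml"`, with no line, step or rule identifier. Either collapse each run into one object with a count, or have the scanner emit a distinguishing location field per finding, e.g. `"line": <n>` (constructed placeholder; no such field is in the current schema as shown). The first finding's `reason`, `"Action urin 21 JRE\n uses: actions/setup-java@be666c2fcd27 needs attention"`, appears to contain a fragment of the workflow step text rather than a clean action reference, so the message extraction looks worth checking before consumers act on `"action": "pin_sha"`. The same shape repeats in the following file, `20260528-203355.json`.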
@@ -0,0 +1,818 @@ +{ + "findings": [ + { + "reason": "Action urin 21 JRE\n uses: actions/setup-java@be666c2fcd27 needs attention", + "type": "unpinned_action", + "file": "verify-proofs.yml", + "action": "pin_sha", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": 
"codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": 
"mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + 
"type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, 
+ { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + 
"severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unpinned_action -- Hypatia workflow_audit: unpinned_action -- 0 day(s) old", + "type": "CSA001", + "file": "verify-proofs.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + 
"file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + 
"reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 
day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": 
"code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 0 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "29 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "12fc455d38dfde040417d23bed569b9ad58bb1c9", + "submitted_at": "2026-05-28T20:33:57Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/20260528-234939.json b/shared-context/findings/hyperpolymath-hypatia/20260528-234939.json new file mode 100644 index 00000000..fedbd14f --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260528-234939.json 
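Review bot: Most entries in this findings file cannot be triaged, because the `workflow_audit` records carry `"type": "unknown"` and a reason of the form `"Issue in ci.yml"`, with no rule id, line or message, and many are byte-identical repeats for the same file (e.g. `ci.yml`, `security-policy.yml`). Each of those seems to be re-reported as a `CSA001` alert, so the `CSA002` total of 29 open alerts may largely count the same undetermined issues twice. The first record's reason, `"Action urin 21 JRE\n uses: actions/setup-java@be666c2fcd27 needs attention"`, looks like a step name and a `uses:` line captured together; the 12-character ref may be a truncated SHA rather than an unpinned one, which should be confirmed against `verify-proofs.yml`. Before files like this are committed, I would have the producer emit a concrete rule id and location per finding, for example `"type": "<rule-id>", "line": <n>`, and collapse duplicates on (`file`, `type`, `line`). The same applies to the other two findings files in this diff, whose hunks are only partly visible here.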
@@ -0,0 +1,818 @@ +{ + "findings": [ + { + "reason": "Action urin 21 JRE\n uses: actions/setup-java@be666c2fcd27 needs attention", + "type": "unpinned_action", + "file": "verify-proofs.yml", + "action": "pin_sha", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": 
"codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": 
"mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + 
"type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, 
+ { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + 
"severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unpinned_action -- Hypatia workflow_audit: unpinned_action -- 0 day(s) old", + "type": "CSA001", + "file": "verify-proofs.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + 
"file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + 
"reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 
day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": 
"code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old",
+ "type": "CSA001",
+ "file": "secret-scanner.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "29 total open code-scanning alert(s) -- security hygiene review",
+ "type": "CSA002",
+ "file": "hyperpolymath/hypatia",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ }
+ ],
+ "submission_metadata": {
+ "repo": "hyperpolymath/hypatia",
+ "commit": "55e87455fe7bcb1bb1734266d673698418769749",
+ "submitted_at": "2026-05-28T23:49:40Z",
+ "scanner_version": "hypatia-v2"
+ }
+}
diff --git a/shared-context/findings/hyperpolymath-hypatia/latest.json b/shared-context/findings/hyperpolymath-hypatia/latest.json
index 88462bda..2f95f451 120000
--- a/shared-context/findings/hyperpolymath-hypatia/latest.json
+++ b/shared-context/findings/hyperpolymath-hypatia/latest.json
@@ -1 +1 @@
-20260526-004001.json
\ No newline at end of file
+20260528-234939.json
\ No newline at end of file