diff --git a/public/index.html b/public/index.html
index ff71cc6..9ea140e 100644
--- a/public/index.html
+++ b/public/index.html
@@ -1264,6 +1264,7 @@
No Staged Changes
// Append all file items to the container in a single operation
container.appendChild(fragment);
} catch (error) {
+ // SECURITY: escapeHtml prevents XSS if error message contains malicious input
document.getElementById('fileList').innerHTML = `
Error loading files: ${escapeHtml(error.message)}
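Review bot: The added comment claims more than the hunk shows — the XSS protection depends entirely on escapeHtml's implementation (not visible here), including whether it escapes quotes and not just angle brackets, so the comment should state the contract rather than the guarantee, e.g. `// SECURITY: rendered via innerHTML — error.message is untrusted and must stay wrapped in escapeHtml (or switch to textContent)`. The safer fix for this error path is to drop innerHTML altogether: `const list = document.getElementById('fileList'); list.textContent = \`Error loading files: ${error.message}\`;` removes the reliance on escapeHtml being correct, assuming the template holds no other markup (its closing backtick is outside the hunk). Separately, error.message is undefined when a non-Error value is thrown, so `${escapeHtml(String(error && error.message || error))}` would avoid printing "undefined". The enclosing try/catch and its function begin before the hunk.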