diff --git a/app/audit.py b/app/audit.py
index aa8a6a0..cce622a 100644
--- a/app/audit.py
+++ b/app/audit.py
@@ -143,21 +143,19 @@ def query_audit_log(
 # Get total count
 count_row = db.execute(
- f"SELECT COUNT(*) as total FROM audit_log WHERE {where_sql}", # nosec B608
+ f"SELECT COUNT(*) as total FROM audit_log WHERE {where_sql}", # noqa: S608 # nosec B608
 params,
 ).fetchone()
 total = count_row["total"] if count_row else 0
- # Fetch entries
- rows: list[Row] = db.execute(
- f"""SELECT id, timestamp, event_type, client_id, client_ip,
+ # Fetch entries (where_sql built from trusted column names only)
+ query = f"""SELECT id, timestamp, event_type, client_id, client_ip,
 paste_id, request_id, outcome, details
 FROM audit_log WHERE {where_sql}
 ORDER BY timestamp DESC
- LIMIT ? OFFSET ?""", # nosec B608
- [*params, limit, offset],
- ).fetchall()
+ LIMIT ? OFFSET ?""" # noqa: S608 # nosec B608
+ rows: list[Row] = db.execute(query, [*params, limit, offset]).fetchall()
 entries = []
 for row in rows:
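Review bot: The new comment "where_sql built from trusted column names only" is the sole justification for the S608/B608 suppressions on both queries, but where_sql is assembled outside this hunk (query_audit_log begins before line 143), so the claim cannot be checked here and a later edit that splices a request-supplied fragment into where_sql would silently inherit the suppression. Put the justification where where_sql is built, e.g. `# where_sql: allow-listed column names and "?" placeholders only; all values travel in params`, and if an allowlist of column names already exists there, consider a cheap guard at that site (e.g. asserting every fragment comes from that allowlist) so the comment is enforced rather than trusted. The COUNT query a few lines up carries the same suppression pair without any comment; one reference to the construction-site note on both queries is enough. The `[*params, limit, offset]` binding of LIMIT/OFFSET as parameters is the right shape and needs no change.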