diff --git a/ibis/backends/mssql/__init__.py b/ibis/backends/mssql/__init__.py index 6611db20628f..426aaecfddfc 100644 --- a/ibis/backends/mssql/__init__.py +++ b/ibis/backends/mssql/__init__.py @@ -319,6 +319,13 @@ def _get_schema_using_query(self, query: str) -> sch.Schema: # us to pre-filter the columns we want back. # The syntax is: # `sys.dm_exec_describe_first_result_set(@tsql, @params, @include_browse_information)` + # + # Yes, this *is* a SQL injection risk, but it's not clear how to avoid + # that since we allow users to pass arbitrary SQL. + # + # SQLGlot has a bug that forces capitalization of + # `dm_exec_describe_first_result_set`, so we can't even use its builder + # APIs. That doesn't really solve the injection problem though. query = f""" SELECT name, @@ -330,7 +337,7 @@ def _get_schema_using_query(self, query: str) -> sch.Schema: error_message FROM sys.dm_exec_describe_first_result_set(N{tsql}, NULL, 0) ORDER BY column_ordinal - """ + """ # noqa: S608 with self._safe_raw_sql(query) as cur: rows = cur.fetchall()
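Review bot: The added comment in the first hunk describes the wrong trust boundary, which will mislead the next maintainer about what actually needs guarding. The caller of `_get_schema_using_query` is meant to supply arbitrary T-SQL, so "users can pass arbitrary SQL" is the feature, not the injection; the only thing the f-string exposes is the `N{tsql}` splice, and whether that is safe depends entirely on how `tsql` is quoted and escaped, which happens above this hunk and is not visible here. I would replace the two "Yes, this *is* a SQL injection risk" sentences with `# The caller's SQL is spliced in as the N'...' literal below; the only injection surface is an unescaped quote in `tsql`, so its quoting (above) must stay a proper SQL-literal conversion.` The enclosing method starts before this hunk (its `def` line appears only in the hunk header) and continues after it.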
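Review bot: The `# noqa: S608` on the closing `"""` suppresses the linter finding without removing the string-built SQL it flags, and the first-hunk comment already concedes the risk is real. Since `sys.dm_exec_describe_first_result_set` takes `@tsql` as an ordinary nvarchar argument, the text can be bound instead of spliced: change the `FROM` line to `FROM sys.dm_exec_describe_first_result_set(?, NULL, 0)` and pass the unquoted query string as a cursor parameter, e.g. `with self._safe_raw_sql(query, (str(query_text),)) as cur:`, after which the `noqa` is no longer needed. This presumes the driver accepts a parameter marker in that position and that `_safe_raw_sql` (defined outside this hunk) can forward parameters; if it cannot, the `noqa` should at least carry a one-line justification naming the escaping it relies on rather than standing bare.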