diff --git a/.github/workflows/pipelock.yml b/.github/workflows/pipelock.yml
index ad538b51d..3668c0a49 100644
--- a/.github/workflows/pipelock.yml
+++ b/.github/workflows/pipelock.yml
@@ -24,5 +24,3 @@ jobs:
           test-vectors: 'false'
           exclude-paths: |
             config/locales/views/reports/
-            # False positive: client.rb stores Bearer token and sends Authorization header by design
-            app/models/assistant/external/client.rb
diff --git a/app/models/assistant/external/client.rb b/app/models/assistant/external/client.rb
index c6d680e8e..ec2559a3f 100644
--- a/app/models/assistant/external/client.rb
+++ b/app/models/assistant/external/client.rb
@@ -20,7 +20,7 @@ class Assistant::External::Client
 
   def initialize(url:, token:, agent_id: "main", session_key: "agent:main:main")
     @url = url
-    @token = token
+    @token = token # pipelock:ignore Credential in URL
     @agent_id = agent_id
     @session_key = session_key
   end