diff --git a/actions/ql/lib/change-notes/2026-03-26-remove-false-positive-sinks.md b/actions/ql/lib/change-notes/2026-03-26-remove-false-positive-sinks.md
new file mode 100644
index 000000000000..20ccc6d6c024
--- /dev/null
+++ b/actions/ql/lib/change-notes/2026-03-26-remove-false-positive-sinks.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Removed false positive injection sink models for the `context` input of `docker/build-push-action` and the `allowed-endpoints` input of `step-security/harden-runner`.
diff --git a/actions/ql/lib/ext/manual/docker_build-push-action.model.yml b/actions/ql/lib/ext/manual/docker_build-push-action.model.yml
deleted file mode 100644
index 116c231c30a4..000000000000
--- a/actions/ql/lib/ext/manual/docker_build-push-action.model.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-extensions:
- - addsTo:
- pack: codeql/actions-all
- extensible: actionsSinkModel
- data:
- - ["docker/build-push-action", "*", "input.context", "code-injection", "manual"]
\ No newline at end of file
diff --git a/actions/ql/lib/ext/manual/step-security_harden-runner.model.yml b/actions/ql/lib/ext/manual/step-security_harden-runner.model.yml
deleted file mode 100644
index 129c8beb0202..000000000000
--- a/actions/ql/lib/ext/manual/step-security_harden-runner.model.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-extensions:
- - addsTo:
- pack: codeql/actions-all
- extensible: actionsSinkModel
- data:
- - ["step-security/harden-runner", "*", "input.allowed-endpoints", "command-injection", "manual"]