diff --git a/.jules/sentinel.md b/.jules/sentinel.md
new file mode 100644
index 0000000..0a288e6
--- /dev/null
+++ b/.jules/sentinel.md
@@ -0,0 +1,4 @@
+## 2024-05-31 - [Prevent Prototype Pollution in Lua Labels]
+**Vulnerability:** The Lua labels dictionary was initialized using an object literal (`{}`), which could allow an attacker to bypass checks or pollute prototypes if user-supplied string keys (such as `"__proto__"`) are used.
+**Learning:** Using `{}` for dictionaries with user-controlled keys exposes the object to prototype modification through the `__proto__` property, even if `hasOwnProperty` is used for existence checks.
+**Prevention:** Always initialize dictionaries meant to store user-supplied string keys with `Object.create ? Object.create(null) : {}` to prevent prototype pollution and fallback gracefully.
diff --git a/luaparse.js b/luaparse.js
index a6bcbac..7f60102 100644
--- a/luaparse.js
+++ b/luaparse.js
@@ -1674,7 +1674,7 @@ FullFlowContext.prototype.pushScope = function (isLoop) {
 var scope = {
- labels: {},
+ labels: Object.create ? Object.create(null) : {},
 locals: [],
 deferredGotos: [],
 isLoop: !!isLoop