diff --git a/changelog/change_add_safety_section_to_all_cops_that_are.md b/changelog/change_add_safety_section_to_all_cops_that_are.md
new file mode 100644
index 00000000000..d32d7ddd0d6
--- /dev/null
+++ b/changelog/change_add_safety_section_to_all_cops_that_are.md
@@ -0,0 +1 @@
+* [#8431](https://github.com/rubocop/rubocop/issues/8431): Add `Safety` section to documentation for all cops that are `Safe: false` or `SafeAutoCorrect: false`. ([@dvandersluis][])
diff --git a/config/default.yml b/config/default.yml
index 6bf19087db2..02c9f49f55e 100644
--- a/config/default.yml
+++ b/config/default.yml
@@ -3708,7 +3708,7 @@ Style/InPatternThen:
 Style/InfiniteLoop:
   Description: >-
                  Use Kernel#loop for infinite loops.
-                 This cop is unsafe in the body may raise a `StopIteration` exception.
+                 This cop is unsafe if the body may raise a `StopIteration` exception.
   Safe: false
   StyleGuide: '#infinite-loop'
   Enabled: true
diff --git a/lib/rubocop/cop/lint/ambiguous_range.rb b/lib/rubocop/cop/lint/ambiguous_range.rb
index eb4b106544c..e384b6f1130 100644
--- a/lib/rubocop/cop/lint/ambiguous_range.rb
+++ b/lib/rubocop/cop/lint/ambiguous_range.rb
@@ -10,12 +10,6 @@ module Lint
       # explicit by requiring parenthesis around complex range boundaries (anything
       # that is not a basic literal: numerics, strings, symbols, etc.).
       #
-      # NOTE: The cop auto-corrects by wrapping the entire boundary in parentheses, which
-      # makes the outcome more explicit but is possible to not be the intention of the
-      # programmer. For this reason, this cop's auto-correct is marked as unsafe (it
-      # will not change the behaviour of the code, but will not necessarily match the
-      # intent of the program).
-      #
       # This cop can be configured with `RequireParenthesesForMethodChains` in order to
       # specify whether method chains (including `self.foo`) should be wrapped in parens
       # by this cop.
@@ -23,6 +17,13 @@ module Lint
       # NOTE: Regardless of this configuration, if a method receiver is a basic literal
       # value, it will be wrapped in order to prevent the ambiguity of `1..2.to_a`.
       #
+      # @safety
+      #   The cop auto-corrects by wrapping the entire boundary in parentheses, which
+      #   makes the outcome more explicit but is possible to not be the intention of the
+      #   programmer. For this reason, this cop's auto-correct is unsafe (it will not
+      #   change the behaviour of the code, but will not necessarily match the
+      #   intent of the program).
+      #
       # @example
       #   # bad
       #   x || 1..2
@@ -55,7 +56,6 @@ module Lint
       #
       #   # good
       #   (a.foo)..(b.bar)
-      #
       class AmbiguousRange < Base
         extend AutoCorrector
 
diff --git a/lib/rubocop/cop/lint/binary_operator_with_identical_operands.rb b/lib/rubocop/cop/lint/binary_operator_with_identical_operands.rb
index 1af3b74ef0d..5c042276946 100644
--- a/lib/rubocop/cop/lint/binary_operator_with_identical_operands.rb
+++ b/lib/rubocop/cop/lint/binary_operator_with_identical_operands.rb
@@ -17,9 +17,16 @@ module Lint
       # always be the same (`x - x` will always be 0; `x / x` will always be 1), and
       # thus are legitimate offenses.
       #
-      # This cop is marked as unsafe as it does not consider side effects when calling methods
-      # and thus can generate false positives:
+      # @safety
+      #   This cop is unsafe as it does not consider side effects when calling methods
+      #   and thus can generate false positives, for example:
+      #
+      #   [source,ruby]
+      #   ----
       #   if wr.take_char == '\0' && wr.take_char == '\0'
+      #     # ...
+      #   end
+      #   ----
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/lint/boolean_symbol.rb b/lib/rubocop/cop/lint/boolean_symbol.rb
index e8fd68d7ac5..02732f8a3db 100644
--- a/lib/rubocop/cop/lint/boolean_symbol.rb
+++ b/lib/rubocop/cop/lint/boolean_symbol.rb
@@ -6,6 +6,11 @@ module Lint
       # This cop checks for `:true` and `:false` symbols.
       # In most cases it would be a typo.
       #
+      # @safety
+      #   Autocorrection is unsafe for this cop because code relying
+      #   on `:true` or `:false` symbols will break when those are
+      #   changed to actual booleans.
+      #
       # @example
       #
       #   # bad
diff --git a/lib/rubocop/cop/lint/disjunctive_assignment_in_constructor.rb b/lib/rubocop/cop/lint/disjunctive_assignment_in_constructor.rb
index f74c0799ecf..3b07c24d5f0 100644
--- a/lib/rubocop/cop/lint/disjunctive_assignment_in_constructor.rb
+++ b/lib/rubocop/cop/lint/disjunctive_assignment_in_constructor.rb
@@ -3,7 +3,7 @@
 module RuboCop
   module Cop
     module Lint
-      # This cop checks constructors for disjunctive assignments that should
+      # This cop checks constructors for disjunctive assignments (`||=`) that should
       # be plain assignments.
       #
       # So far, this cop is only concerned with disjunctive assignment of
@@ -12,6 +12,29 @@ module Lint
       # In ruby, an instance variable is nil until a value is assigned, so the
       # disjunction is unnecessary. A plain assignment has the same effect.
       #
+      # @safety
+      #   This cop is unsafe because it can register a false positive when a
+      #   method is redefined in a subclass that calls super. For example:
+      #
+      #   [source,ruby]
+      #   ----
+      #   class Base
+      #     def initialize
+      #       @config ||= 'base'
+      #     end
+      #   end
+      #
+      #   class Derived < Base
+      #     def initialize
+      #       @config = 'derived'
+      #       super
+      #     end
+      #   end
+      #   ----
+      #
+      #   Without the disjunctive assignment, `Derived` will be unable to override
+      #   the value for `@config`.
+      #
       # @example
       #   # bad
       #   def initialize
diff --git a/lib/rubocop/cop/lint/hash_compare_by_identity.rb b/lib/rubocop/cop/lint/hash_compare_by_identity.rb
index f98c850223c..5305e48277d 100644
--- a/lib/rubocop/cop/lint/hash_compare_by_identity.rb
+++ b/lib/rubocop/cop/lint/hash_compare_by_identity.rb
@@ -3,10 +3,19 @@
 module RuboCop
   module Cop
     module Lint
-      # Prefer using `Hash#compare_by_identity` than using `object_id` for hash keys.
+      # Prefer using `Hash#compare_by_identity` rather than using `object_id`
+      # for hash keys.
       #
-      # This cop is marked as unsafe as a hash possibly can contain other keys
-      # besides `object_id`s.
+      # This cop looks for hashes being keyed by objects' `object_id`, using
+      # one of these methods: `key?`, `has_key?`, `fetch`, `[]` and `[]=`.
+      #
+      # @safety
+      #   This cop is unsafe. Although unlikely, the hash could store both object
+      #   ids and other values that need be compared by value, and thus
+      #   could be a false positive.
+      #
+      #   Furthermore, this cop cannot guarantee that the receiver of one of the
+      #   methods (`key?`, etc.) is actually a hash.
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/lint/interpolation_check.rb b/lib/rubocop/cop/lint/interpolation_check.rb
index 3012358db3f..8fc44b9c9f0 100644
--- a/lib/rubocop/cop/lint/interpolation_check.rb
+++ b/lib/rubocop/cop/lint/interpolation_check.rb
@@ -5,6 +5,11 @@ module Cop
     module Lint
       # This cop checks for interpolation in a single quoted string.
       #
+      # @safety
+      #   This cop is generally safe, but is marked as unsafe because
+      #   it is possible to actually intentionally have text inside
+      #   `#{...}` in a single quoted string.
+      #
       # @example
       #
       #   # bad
diff --git a/lib/rubocop/cop/lint/loop.rb b/lib/rubocop/cop/lint/loop.rb
index 8254b09f768..e65b36bbe1f 100644
--- a/lib/rubocop/cop/lint/loop.rb
+++ b/lib/rubocop/cop/lint/loop.rb
@@ -5,9 +5,10 @@ module Cop
     module Lint
       # This cop checks for uses of `begin...end while/until something`.
       #
-      # The cop is marked as unsafe because behaviour can change in some cases, including
-      # if a local variable inside the loop body is accessed outside of it, or if the
-      # loop body raises a `StopIteration` exception (which `Kernel#loop` rescues).
+      # @safety
+      #   The cop is unsafe because behaviour can change in some cases, including
+      #   if a local variable inside the loop body is accessed outside of it, or if the
+      #   loop body raises a `StopIteration` exception (which `Kernel#loop` rescues).
       #
       # @example
       #
diff --git a/lib/rubocop/cop/lint/non_deterministic_require_order.rb b/lib/rubocop/cop/lint/non_deterministic_require_order.rb
index 36005e38c09..1fba59f8278 100644
--- a/lib/rubocop/cop/lint/non_deterministic_require_order.rb
+++ b/lib/rubocop/cop/lint/non_deterministic_require_order.rb
@@ -14,7 +14,11 @@ module Lint
       # `Dir.glob` and `Dir[]` sort globbed results by default in Ruby 3.0.
       # So all bad cases are acceptable when Ruby 3.0 or higher are used.
       #
-      # This cop will be deprecated and removed when supporting only Ruby 3.0 and higher.
+      # NOTE: This cop will be deprecated and removed when supporting only Ruby 3.0 and higher.
+      #
+      # @safety
+      #   This cop is unsafe in the case where sorting files changes existing
+      #   expected behaviour.
       #
       # @example
       #
diff --git a/lib/rubocop/cop/lint/number_conversion.rb b/lib/rubocop/cop/lint/number_conversion.rb
index a61bc973d3b..fd9e1b7871d 100644
--- a/lib/rubocop/cop/lint/number_conversion.rb
+++ b/lib/rubocop/cop/lint/number_conversion.rb
@@ -18,6 +18,11 @@ module Lint
       # cop by default). Similarly, Rails' duration methods do not work well
       # with `Integer()` and can be ignored with `IgnoredMethods`.
       #
+      # @safety
+      #   Autocorrection is unsafe because it is not guaranteed that the
+      #   replacement `Kernel` methods are able to properly handle the
+      #   input if it is not a standard class.
+      #
       # @example
       #
       #   # bad
diff --git a/lib/rubocop/cop/lint/or_assignment_to_constant.rb b/lib/rubocop/cop/lint/or_assignment_to_constant.rb
index 3681ae86706..e7b7c877267 100644
--- a/lib/rubocop/cop/lint/or_assignment_to_constant.rb
+++ b/lib/rubocop/cop/lint/or_assignment_to_constant.rb
@@ -9,8 +9,10 @@ module Lint
       # should always be the same. If constants are assigned in multiple
       # locations, the result may vary depending on the order of `require`.
       #
-      # Also, if you already have such an implementation, auto-correction may
-      # change the result.
+      # @safety
+      #   This cop is unsafe because code that is already conditionally
+      #   assigning a constant may have its behaviour changed by
+      #   auto-correction.
       #
       # @example
       #
diff --git a/lib/rubocop/cop/lint/out_of_range_regexp_ref.rb b/lib/rubocop/cop/lint/out_of_range_regexp_ref.rb
index 6275013b689..23395e3e6a4 100644
--- a/lib/rubocop/cop/lint/out_of_range_regexp_ref.rb
+++ b/lib/rubocop/cop/lint/out_of_range_regexp_ref.rb
@@ -6,6 +6,23 @@ module Lint
       # This cops looks for references of Regexp captures that are out of range
       # and thus always returns nil.
       #
+      # @safety
+      #   This cop is unsafe because it is naive in how it determines what
+      #   references are available based on the last encountered regexp, but
+      #   it cannot handle some cases, such as conditional regexp matches, which
+      #   leads to false positives, such as:
+      #
+      #   [source,ruby]
+      #   ----
+      #   foo ? /(c)(b)/ =~ str : /(b)/ =~ str
+      #   do_something if $2
+      #   # $2 is defined for the first condition but not the second, however
+      #   # the cop will mark this as an offense.
+      #   ----
+      #
+      #   This might be a good indication of code that should be refactored,
+      #   however.
+      #
       # @example
       #
       #   /(foo)bar/ =~ 'foobar'
diff --git a/lib/rubocop/cop/lint/percent_string_array.rb b/lib/rubocop/cop/lint/percent_string_array.rb
index bf84e1a1c73..ea5eef58e4c 100644
--- a/lib/rubocop/cop/lint/percent_string_array.rb
+++ b/lib/rubocop/cop/lint/percent_string_array.rb
@@ -9,6 +9,16 @@ module Lint
       # example, mistranslating an array of literals to percent string notation)
       # rather than meant to be part of the resulting strings.
       #
+      # @safety
+      #   The cop is unsafe because the correction changes the values in the array
+      #   and that might have been done purposely.
+      #
+      #   [source,ruby]
+      #   ----
+      #   %w('foo', "bar") #=> ["'foo',", '"bar"']
+      #   %w(foo bar)      #=> ['foo', 'bar']
+      #   ----
+      #
       # @example
       #
       #   # bad
diff --git a/lib/rubocop/cop/lint/raise_exception.rb b/lib/rubocop/cop/lint/raise_exception.rb
index 00eb4ee1c2b..8711d8d14a6 100644
--- a/lib/rubocop/cop/lint/raise_exception.rb
+++ b/lib/rubocop/cop/lint/raise_exception.rb
@@ -13,6 +13,10 @@ module Lint
       # `Exception`. Alternatively, make `Exception` a fully qualified class
       # name with an explicit namespace.
       #
+      # @safety
+      #   This cop is unsafe because it will change the exception class being
+      #   raised, which is a change in behaviour.
+      #
       # @example
       #   # bad
       #   raise Exception, 'Error message here'
diff --git a/lib/rubocop/cop/lint/redundant_safe_navigation.rb b/lib/rubocop/cop/lint/redundant_safe_navigation.rb
index 2835b6038b6..771d4a959de 100644
--- a/lib/rubocop/cop/lint/redundant_safe_navigation.rb
+++ b/lib/rubocop/cop/lint/redundant_safe_navigation.rb
@@ -7,13 +7,14 @@ module Lint
       # `instance_of?`, `kind_of?`, `is_a?`, `eql?`, `respond_to?`, and `equal?` methods
       # are checked by default. These are customizable with `AllowedMethods` option.
       #
-      # This cop is marked as unsafe, because auto-correction can change the
-      # return type of the expression. An offending expression that previously
-      # could return `nil` will be auto-corrected to never return `nil`.
-      #
       # In the example below, the safe navigation operator (`&.`) is unnecessary
       # because `NilClass` has methods like `respond_to?` and `is_a?`.
       #
+      # @safety
+      #   This cop is unsafe, because auto-correction can change the return type of
+      #   the expression. An offending expression that previously could return `nil`
+      #   will be auto-corrected to never return `nil`.
+      #
       # @example
       #   # bad
       #   do_something if attrs&.respond_to?(:[])
diff --git a/lib/rubocop/cop/lint/unexpected_block_arity.rb b/lib/rubocop/cop/lint/unexpected_block_arity.rb
index e679ab3d91c..f1288d72979 100644
--- a/lib/rubocop/cop/lint/unexpected_block_arity.rb
+++ b/lib/rubocop/cop/lint/unexpected_block_arity.rb
@@ -13,14 +13,19 @@ module Lint
       # Keyword arguments (including `**kwargs`) do not get counted towards
       # this, as they are not used by the methods in question.
       #
-      # NOTE: This cop matches for method names only and hence cannot tell apart
-      # methods with same name in different classes.
-      #
       # Method names and their expected arity can be configured like this:
       #
+      # [source,yaml]
+      # ----
       # Methods:
       #   inject: 2
       #   reduce: 2
+      # ----
+      #
+      # @safety
+      #  This cop matches for method names only and hence cannot tell apart
+      #  methods with same name in different classes, which may lead to a
+      #  false positive.
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/lint/useless_method_definition.rb b/lib/rubocop/cop/lint/useless_method_definition.rb
index 3139c20b8c2..0d9cf969f1c 100644
--- a/lib/rubocop/cop/lint/useless_method_definition.rb
+++ b/lib/rubocop/cop/lint/useless_method_definition.rb
@@ -6,8 +6,9 @@ module Lint
       # This cop checks for useless method definitions, specifically: empty constructors
       # and methods just delegating to `super`.
       #
-      # This cop is marked as unsafe as it can trigger false positives for cases when
-      # an empty constructor just overrides the parent constructor, which is bad anyway.
+      # @safety
+      #   This cop is unsafe as it can register false positives for cases when an empty
+      #   constructor just overrides the parent constructor, which is bad anyway.
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/lint/useless_setter_call.rb b/lib/rubocop/cop/lint/useless_setter_call.rb
index 51b775bf7c4..0c95c7dcdd3 100644
--- a/lib/rubocop/cop/lint/useless_setter_call.rb
+++ b/lib/rubocop/cop/lint/useless_setter_call.rb
@@ -5,11 +5,14 @@ module Cop
     module Lint
       # This cop checks for setter call to local variable as the final
       # expression of a function definition.
-      # Its auto-correction is marked as unsafe because return value will be changed.
       #
-      # NOTE: There are edge cases in which the local variable references a
-      # value that is also accessible outside the local scope. This is not
-      # detected by the cop, and it can yield a false positive.
+      # @safety
+      #   There are edge cases in which the local variable references a
+      #   value that is also accessible outside the local scope. This is not
+      #   detected by the cop, and it can yield a false positive.
+      #
+      #   As well, auto-correction is unsafe because the method's
+      #   return value will be changed.
       #
       # @example
       #
diff --git a/lib/rubocop/cop/lint/useless_times.rb b/lib/rubocop/cop/lint/useless_times.rb
index 6aa5b3f35da..ec9125effbd 100644
--- a/lib/rubocop/cop/lint/useless_times.rb
+++ b/lib/rubocop/cop/lint/useless_times.rb
@@ -7,8 +7,9 @@ module Lint
       # (when the integer <= 0) or that will only ever yield once
       # (`1.times`).
       #
-      # This cop is marked as unsafe as `times` returns its receiver, which
-      # is *usually* OK, but might change behavior.
+      # @safety
+      #   This cop is unsafe as `times` returns its receiver, which is
+      #   *usually* OK, but might change behavior.
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/naming/memoized_instance_variable_name.rb b/lib/rubocop/cop/naming/memoized_instance_variable_name.rb
index 087267bd12d..6668aec9763 100644
--- a/lib/rubocop/cop/naming/memoized_instance_variable_name.rb
+++ b/lib/rubocop/cop/naming/memoized_instance_variable_name.rb
@@ -14,6 +14,11 @@ module Naming
       # convention that is used to implicitly indicate that an ivar should not
       # be set or referenced outside of the memoization method.
       #
+      # @safety
+      #   This cop relies on the pattern `@instance_var ||= ...`,
+      #   but this is sometimes used for other purposes than memoization
+      #   so this cop is considered unsafe.
+      #
       # @example EnforcedStyleForLeadingUnderscores: disallowed (default)
       #   # bad
       #   # Method foo is memoized using an instance variable that is
@@ -139,10 +144,6 @@ module Naming
       #   define_method(:foo) do
       #     @_foo ||= calculate_expensive_thing
       #   end
-      #
-      # This cop relies on the pattern `@instance_var ||= ...`,
-      # but this is sometimes used for other purposes than memoization
-      # so this cop is considered unsafe.
       class MemoizedInstanceVariableName < Base
         include ConfigurableEnforcedStyle
 
diff --git a/lib/rubocop/cop/security/json_load.rb b/lib/rubocop/cop/security/json_load.rb
index b9a6e6fada9..afc859d97fc 100644
--- a/lib/rubocop/cop/security/json_load.rb
+++ b/lib/rubocop/cop/security/json_load.rb
@@ -6,13 +6,14 @@ module Security
       # This cop checks for the use of JSON class methods which have potential
       # security issues.
       #
-      # Autocorrect is disabled by default because it's potentially dangerous.
-      # If using a stream, like `JSON.load(open('file'))`, it will need to call
-      # `#read` manually, like `JSON.parse(open('file').read)`.
-      # If reading single values (rather than proper JSON objects), like
-      # `JSON.load('false')`, it will need to pass the `quirks_mode: true`
-      # option, like `JSON.parse('false', quirks_mode: true)`.
-      # Other similar issues may apply.
+      # @safety
+      #   Autocorrect is disabled by default because it's potentially dangerous.
+      #   If using a stream, like `JSON.load(open('file'))`, it will need to call
+      #   `#read` manually, like `JSON.parse(open('file').read)`.
+      #   If reading single values (rather than proper JSON objects), like
+      #   `JSON.load('false')`, it will need to pass the `quirks_mode: true`
+      #   option, like `JSON.parse('false', quirks_mode: true)`.
+      #   Other similar issues may apply.
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/security/open.rb b/lib/rubocop/cop/security/open.rb
index 76c505bc9a2..ce0203b63b4 100644
--- a/lib/rubocop/cop/security/open.rb
+++ b/lib/rubocop/cop/security/open.rb
@@ -11,6 +11,10 @@ module Security
       # the argument of `Kernel#open` and `URI.open`. It would be better to use
       # `File.open`, `IO.popen` or `URI.parse#open` explicitly.
       #
+      # @safety
+      #   This cop could register false positives if `open` is redefined
+      #   in a class and then used without a receiver in that class.
+      #
       # @example
       #   # bad
       #   open(something)
diff --git a/lib/rubocop/cop/security/yaml_load.rb b/lib/rubocop/cop/security/yaml_load.rb
index a3cf4b56226..16dba0650bf 100644
--- a/lib/rubocop/cop/security/yaml_load.rb
+++ b/lib/rubocop/cop/security/yaml_load.rb
@@ -7,6 +7,10 @@ module Security
       # potential security issues leading to remote code execution when
       # loading from an untrusted source.
       #
+      # @safety
+      #   The behaviour of the code might change depending on what was
+      #   in the YAML payload, since `YAML.safe_load` is more restrictive.
+      #
       # @example
       #   # bad
       #   YAML.load("--- foo")
diff --git a/lib/rubocop/cop/style/and_or.rb b/lib/rubocop/cop/style/and_or.rb
index 35352912b88..7371be01239 100644
--- a/lib/rubocop/cop/style/and_or.rb
+++ b/lib/rubocop/cop/style/and_or.rb
@@ -7,9 +7,10 @@ module Style
       # `||` instead. It can be configured to check only in conditions or in
       # all contexts.
       #
-      # It is marked as unsafe auto-correction because it may change the
-      # operator precedence between logical operators (`&&` and `||`) and
-      # semantic operators (`and` and `or`).
+      # @safety
+      #   Auto-correction is unsafe because there is a different operator precedence
+      #   between logical operators (`&&` and `||`) and semantic operators (`and` and `or`),
+      #   and that might change the behaviour.
       #
       # @example EnforcedStyle: always
       #   # bad
diff --git a/lib/rubocop/cop/style/array_coercion.rb b/lib/rubocop/cop/style/array_coercion.rb
index c4845c87225..ecfcb41d226 100644
--- a/lib/rubocop/cop/style/array_coercion.rb
+++ b/lib/rubocop/cop/style/array_coercion.rb
@@ -5,9 +5,27 @@ module Cop
     module Style
       # This cop enforces the use of `Array()` instead of explicit `Array` check or `[*var]`.
       #
-      # This cop is disabled by default because false positive will occur if
-      # the argument of `Array()` is not an array (e.g. Hash, Set),
-      # an array will be returned as an incompatibility result.
+      # The cop is disabled by default due to safety concerns.
+      #
+      # @safety
+      #   This cop is unsafe because a false positive may occur if
+      #   the argument of `Array()` is (or could be) nil or depending
+      #   on how the argument is handled by `Array()` (which can be
+      #   different than just wrapping the argument in an array).
+      #
+      #   For example:
+      #
+      #   [source,ruby]
+      #   ----
+      #   [nil]             #=> [nil]
+      #   Array(nil)        #=> []
+      #
+      #   [{a: 'b'}]        #= [{a: 'b'}]
+      #   Array({a: 'b'})   #=> [[:a, 'b']]
+      #
+      #   [Time.now]        #=> [#<Time ...>]
+      #   Array(Time.now)   #=> [14, 16, 14, 16, 9, 2021, 4, 259, true, "EDT"]
+      #   ----
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/style/case_like_if.rb b/lib/rubocop/cop/style/case_like_if.rb
index a261e8eb613..c1332ae39df 100644
--- a/lib/rubocop/cop/style/case_like_if.rb
+++ b/lib/rubocop/cop/style/case_like_if.rb
@@ -6,6 +6,11 @@ module Style
       # This cop identifies places where `if-elsif` constructions
       # can be replaced with `case-when`.
       #
+      # @safety
+      #   This cop is unsafe. `case` statements use `===` for equality,
+      #   so if the original conditional used a different equality operator, the
+      #   behaviour may be different.
+      #
       # @example
       #   # bad
       #   if status == :active
diff --git a/lib/rubocop/cop/style/class_and_module_children.rb b/lib/rubocop/cop/style/class_and_module_children.rb
index 52a5123e639..01644da92e1 100644
--- a/lib/rubocop/cop/style/class_and_module_children.rb
+++ b/lib/rubocop/cop/style/class_and_module_children.rb
@@ -6,6 +6,15 @@ module Style
       # This cop checks the style of children definitions at classes and
       # modules. Basically there are two different styles:
       #
+      # @safety
+      #   Autocorrection is unsafe.
+      #
+      #   Moving from compact to nested children requires knowledge of whether the
+      #   outer parent is a module or a class. Moving from nested to compact requires
+      #   verification that the outer parent is defined elsewhere. Rubocop does not
+      #   have the knowledge to perform either operation safely and thus requires
+      #   manual oversight.
+      #
       # @example EnforcedStyle: nested (default)
       #   # good
       #   # have each child on its own line
diff --git a/lib/rubocop/cop/style/collection_compact.rb b/lib/rubocop/cop/style/collection_compact.rb
index e91b323af02..32f00ca8a06 100644
--- a/lib/rubocop/cop/style/collection_compact.rb
+++ b/lib/rubocop/cop/style/collection_compact.rb
@@ -6,11 +6,13 @@ module Style
       # This cop checks for places where custom logic on rejection nils from arrays
       # and hashes can be replaced with `{Array,Hash}#{compact,compact!}`.
       #
-      # It is marked as unsafe by default because false positives may occur in the
-      # nil check of block arguments to the receiver object.
-      # For example, `[[1, 2], [3, nil]].reject { |first, second| second.nil? }`
-      # and `[[1, 2], [3, nil]].compact` are not compatible. This will work fine
-      # when the receiver is a hash object.
+      # @safety
+      #   It is unsafe by default because false positives may occur in the
+      #   `nil` check of block arguments to the receiver object.
+      #
+      #   For example, `[[1, 2], [3, nil]].reject { |first, second| second.nil? }`
+      #   and `[[1, 2], [3, nil]].compact` are not compatible. This will work fine
+      #   when the receiver is a hash object.
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/style/collection_methods.rb b/lib/rubocop/cop/style/collection_methods.rb
index e72dd5ca059..ce6bdb8bd8d 100644
--- a/lib/rubocop/cop/style/collection_methods.rb
+++ b/lib/rubocop/cop/style/collection_methods.rb
@@ -6,10 +6,6 @@ module Style
       # This cop enforces the use of consistent method names
       # from the Enumerable module.
       #
-      # Unfortunately we cannot actually know if a method is from
-      # Enumerable or not (static analysis limitation), so this cop
-      # can yield some false positives.
-      #
       # You can customize the mapping from undesired method to desired method.
       #
       # e.g. to use `detect` over `find`:
@@ -18,9 +14,14 @@ module Style
       #     PreferredMethods:
       #       find: detect
       #
-      # The default mapping for `PreferredMethods` behaves as follows.
+      # @safety
+      #   This cop is unsafe because it finds methods by name, without actually
+      #   being able to determine if the receiver is an Enumerable or not, so
+      #   this cop may register false positives.
       #
       # @example
+      #   # These examples are based on the default mapping for `PreferredMethods`.
+      #
       #   # bad
       #   items.collect
       #   items.collect!
diff --git a/lib/rubocop/cop/style/combinable_loops.rb b/lib/rubocop/cop/style/combinable_loops.rb
index 74d566ab85d..ebe8fde9d42 100644
--- a/lib/rubocop/cop/style/combinable_loops.rb
+++ b/lib/rubocop/cop/style/combinable_loops.rb
@@ -7,8 +7,9 @@ module Style
       # can be combined into a single loop. It is very likely that combining them
       # will make the code more efficient and more concise.
       #
-      # It is marked as unsafe, because the first loop might modify
-      # a state that the second loop depends on; these two aren't combinable.
+      # @safety
+      #   The cop is unsafe, because the first loop might modify state that the
+      #   second loop depends on; these two aren't combinable.
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/style/commented_keyword.rb b/lib/rubocop/cop/style/commented_keyword.rb
index b3032206517..db06cec1178 100644
--- a/lib/rubocop/cop/style/commented_keyword.rb
+++ b/lib/rubocop/cop/style/commented_keyword.rb
@@ -12,7 +12,10 @@ module Style
       #
       # Auto-correction removes comments from `end` keyword and keeps comments
       # for `class`, `module`, `def` and `begin` above the keyword.
-      # It is marked as unsafe auto-correction as it may remove meaningful comments.
+      #
+      # @safety
+      #   Auto-correction is unsafe because it may remove a comment that is
+      #   meaningful.
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/style/date_time.rb b/lib/rubocop/cop/style/date_time.rb
index 2b80166342e..548a5998b40 100644
--- a/lib/rubocop/cop/style/date_time.rb
+++ b/lib/rubocop/cop/style/date_time.rb
@@ -9,6 +9,11 @@ module Style
       # replaceable in certain situations when dealing with multiple timezones
       # and/or DST.
       #
+      # @safety
+      #   Autocorrection is not safe, because `DateTime` and `Time` do not have
+      #   exactly the same behaviour, although in most cases the autocorrection
+      #   will be fine.
+      #
       # @example
       #
       #   # bad - uses `DateTime` for current time
diff --git a/lib/rubocop/cop/style/double_negation.rb b/lib/rubocop/cop/style/double_negation.rb
index c165051027a..d42fc70bc1e 100644
--- a/lib/rubocop/cop/style/double_negation.rb
+++ b/lib/rubocop/cop/style/double_negation.rb
@@ -9,6 +9,21 @@ module Style
       # that use boolean as a return value. When using `EnforcedStyle: forbidden`, double negation
       # should be forbidden always.
       #
+      # NOTE: when `something` is a boolean value
+      # `!!something` and `!something.nil?` are not the same thing.
+      # As you're unlikely to write code that can accept values of any type
+      # this is rarely a problem in practice.
+      #
+      # @safety
+      #   Autocorrection is unsafe when the value is `false`, because the result
+      #   of the expression will change.
+      #
+      #   [source,ruby]
+      #   ----
+      #   !!false     #=> false
+      #   !false.nil? #=> true
+      #   ----
+      #
       # @example
       #   # bad
       #   !!something
@@ -27,11 +42,6 @@ module Style
       #   def foo?
       #     !!return_value
       #   end
-      #
-      # Please, note that when something is a boolean value
-      # !!something and !something.nil? are not the same thing.
-      # As you're unlikely to write code that can accept values of any type
-      # this is rarely a problem in practice.
       class DoubleNegation < Base
         include ConfigurableEnforcedStyle
         extend AutoCorrector
diff --git a/lib/rubocop/cop/style/float_division.rb b/lib/rubocop/cop/style/float_division.rb
index d00370e2f82..7297ccffc1e 100644
--- a/lib/rubocop/cop/style/float_division.rb
+++ b/lib/rubocop/cop/style/float_division.rb
@@ -7,8 +7,16 @@ module Style
       # It is recommended to either always use `fdiv` or coerce one side only.
       # This cop also provides other options for code consistency.
       #
-      # This cop is marked as unsafe, because if operand variable is a string object
-      # then `.to_f` will be removed and an error will occur.
+      # @safety
+      #   This cop is unsafe, because if the operand variable is a string object
+      #   then `.to_f` will be removed and an error will occur.
+      #
+      #   [source,ruby]
+      #   ----
+      #   a = '1.2'
+      #   b = '3.4'
+      #   a.to_f / b.to_f # Both `to_f` calls are required here
+      #   ----
       #
       # @example EnforcedStyle: single_coerce (default)
       #   # bad
diff --git a/lib/rubocop/cop/style/frozen_string_literal_comment.rb b/lib/rubocop/cop/style/frozen_string_literal_comment.rb
index 82592cf6e20..6d12b5c46e4 100644
--- a/lib/rubocop/cop/style/frozen_string_literal_comment.rb
+++ b/lib/rubocop/cop/style/frozen_string_literal_comment.rb
@@ -10,12 +10,17 @@ module Style
       # default in future Ruby. The comment will be added below a shebang and
       # encoding comment.
       #
-      # Note that the cop will ignore files where the comment exists but is set
+      # Note that the cop will accept files where the comment exists but is set
       # to `false` instead of `true`.
       #
       # To require a blank line after this comment, please see
       # `Layout/EmptyLineAfterMagicComment` cop.
       #
+      # @safety
+      #  This cop's autocorrection is unsafe since any strings mutations will
+      #  change from being accepted to raising `FrozenError`, as all strings
+      #  will become frozen by default, and will need to be manually refactored.
+      #
       # @example EnforcedStyle: always (default)
       #   # The `always` style will always add the frozen string literal comment
       #   # to a file, regardless of the Ruby version or if `freeze` or `<<` are
diff --git a/lib/rubocop/cop/style/global_std_stream.rb b/lib/rubocop/cop/style/global_std_stream.rb
index f648d40b15f..7631a69f341 100644
--- a/lib/rubocop/cop/style/global_std_stream.rb
+++ b/lib/rubocop/cop/style/global_std_stream.rb
@@ -8,6 +8,10 @@ module Style
       # reassign (possibly to redirect some stream) constants in Ruby, you'll get
       # an interpreter warning if you do so.
       #
+      # @safety
+      #   Autocorrection is unsafe because `STDOUT` and `$stdout` may point to different
+      #   objects, for example.
+      #
       # @example
       #   # bad
       #   STDOUT.puts('hello')
diff --git a/lib/rubocop/cop/style/hash_each_methods.rb b/lib/rubocop/cop/style/hash_each_methods.rb
index 86755fce114..457c63cdf53 100644
--- a/lib/rubocop/cop/style/hash_each_methods.rb
+++ b/lib/rubocop/cop/style/hash_each_methods.rb
@@ -9,6 +9,11 @@ module Style
       #   parentheses around the block arguments to indicate that you're not
       #   working with a hash, and suppress RuboCop offenses.
       #
+      # @safety
+      #   This cop is unsafe because it cannot be guaranteed that the receiver
+      #   is a `Hash`. The `AllowedReceivers` configuration can mitigate,
+      #   but not fully resolve, this safety issue.
+      #
       # @example
       #   # bad
       #   hash.keys.each { |k| p k }
diff --git a/lib/rubocop/cop/style/hash_transform_keys.rb b/lib/rubocop/cop/style/hash_transform_keys.rb
index 849d96dff31..6ed3e253fb6 100644
--- a/lib/rubocop/cop/style/hash_transform_keys.rb
+++ b/lib/rubocop/cop/style/hash_transform_keys.rb
@@ -8,12 +8,10 @@ module Style
       # transforming the keys of a hash, and tries to use a simpler & faster
       # call to `transform_keys` instead.
       #
-      # This can produce false positives if we are transforming an enumerable
-      # of key-value-like pairs that isn't actually a hash, e.g.:
-      # `[[k1, v1], [k2, v2], ...]`
-      #
-      # This cop should only be enabled on Ruby version 2.5 or newer
-      # (`transform_keys` was added in Ruby 2.5.)
+      # @safety
+      #   This cop is unsafe, as it can produce false positives if we are
+      #   transforming an enumerable of key-value-like pairs that isn't actually
+      #   a hash, e.g.: `[[k1, v1], [k2, v2], ...]`
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/style/hash_transform_values.rb b/lib/rubocop/cop/style/hash_transform_values.rb
index c2ed6653744..7f68460e449 100644
--- a/lib/rubocop/cop/style/hash_transform_values.rb
+++ b/lib/rubocop/cop/style/hash_transform_values.rb
@@ -8,12 +8,10 @@ module Style
       # transforming the values of a hash, and tries to use a simpler & faster
       # call to `transform_values` instead.
       #
-      # This can produce false positives if we are transforming an enumerable
-      # of key-value-like pairs that isn't actually a hash, e.g.:
-      # `[[k1, v1], [k2, v2], ...]`
-      #
-      # This cop should only be enabled on Ruby version 2.4 or newer
-      # (`transform_values` was added in Ruby 2.4.)
+      # @safety
+      #   This cop is unsafe, as it can produce false positives if we are
+      #   transforming an enumerable of key-value-like pairs that isn't actually
+      #   a hash, e.g.: `[[k1, v1], [k2, v2], ...]`
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/style/identical_conditional_branches.rb b/lib/rubocop/cop/style/identical_conditional_branches.rb
index 32e54953ab3..784172cb1c4 100644
--- a/lib/rubocop/cop/style/identical_conditional_branches.rb
+++ b/lib/rubocop/cop/style/identical_conditional_branches.rb
@@ -7,26 +7,28 @@ module Style
       # each branch of a conditional expression. Such expressions should normally
       # be placed outside the conditional expression - before or after it.
       #
-      # This cop is marked unsafe auto-correction as the order of method invocations
-      # must be guaranteed in the following case:
-      #
-      # [source,ruby]
-      # ----
-      # if method_that_modifies_global_state # 1
-      #   method_that_relies_on_global_state # 2
-      #   foo                                # 3
-      # else
-      #   method_that_relies_on_global_state # 2
-      #   bar                                # 3
-      # end
-      # ----
-      #
-      # In such a case, auto-correction may change the invocation order.
-      #
       # NOTE: The cop is poorly named and some people might think that it actually
       # checks for duplicated conditional branches. The name will probably be changed
       # in a future major RuboCop release.
       #
+      # @safety
+      #   Auto-correction is unsafe because changing the order of method invocations
+      #   may change the behaviour of the code. For example:
+      #
+      #   [source,ruby]
+      #   ----
+      #   if method_that_modifies_global_state # 1
+      #     method_that_relies_on_global_state # 2
+      #     foo                                # 3
+      #   else
+      #     method_that_relies_on_global_state # 2
+      #     bar                                # 3
+      #   end
+      #   ----
+      #
+      #   In this example, `method_that_relies_on_global_state` will be moved before
+      #   `method_that_modifies_global_state`, which changes the behaviour of the program.
+      #
       # @example
       #   # bad
       #   if condition
diff --git a/lib/rubocop/cop/style/if_with_boolean_literal_branches.rb b/lib/rubocop/cop/style/if_with_boolean_literal_branches.rb
index aac7d7ffc6c..8e0944534fc 100644
--- a/lib/rubocop/cop/style/if_with_boolean_literal_branches.rb
+++ b/lib/rubocop/cop/style/if_with_boolean_literal_branches.rb
@@ -6,8 +6,10 @@ module Style
       # This cop checks for redundant `if` with boolean literal branches.
       # It checks only conditions to return boolean value (`true` or `false`) for safe detection.
       # The conditions to be checked are comparison methods, predicate methods, and double negative.
-      # However, auto-correction is unsafe because there is no guarantee that all predicate methods
-      # will return boolean value. Those methods can be allowed with `AllowedMethods` config.
+      #
+      # @safety
+      #   Auto-correction is unsafe because there is no guarantee that all predicate methods
+      #   will return a boolean value. Those methods can be allowed with `AllowedMethods` config.
       #
       # @example
       #   # bad
@@ -23,6 +25,17 @@ module Style
       #   # good
       #   foo == bar
       #
+      # @example
+      #   # bad
+      #   if foo.do_something?
+      #     true
+      #   else
+      #     false
+      #   end
+      #
+      #   # good (but potentially an unsafe correction)
+      #   foo.do_something?
+      #
       # @example AllowedMethods: ['nonzero?']
       #   # good
       #   num.nonzero? ? true : false
diff --git a/lib/rubocop/cop/style/infinite_loop.rb b/lib/rubocop/cop/style/infinite_loop.rb
index 4a9019d13fa..30135a53600 100644
--- a/lib/rubocop/cop/style/infinite_loop.rb
+++ b/lib/rubocop/cop/style/infinite_loop.rb
@@ -5,9 +5,10 @@ module Cop
     module Style
       # Use `Kernel#loop` for infinite loops.
       #
-      # This cop is marked as unsafe as the rule does not necessarily
-      # apply if the body might raise a `StopIteration` exception; contrary to
-      # other infinite loops, `Kernel#loop` silently rescues that and returns `nil`.
+      # @safety
+      #   This cop is unsafe as the rule should not necessarily apply if the loop
+      #   body might raise a `StopIteration` exception; contrary to other infinite
+      #   loops, `Kernel#loop` silently rescues that and returns `nil`.
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/style/inverse_methods.rb b/lib/rubocop/cop/style/inverse_methods.rb
index 08903532ab3..251b4040d90 100644
--- a/lib/rubocop/cop/style/inverse_methods.rb
+++ b/lib/rubocop/cop/style/inverse_methods.rb
@@ -5,11 +5,18 @@ module Cop
     module Style
       # This cop check for usages of not (`not` or `!`) called on a method
       # when an inverse of that method can be used instead.
+      #
       # Methods that can be inverted by a not (`not` or `!`) should be defined
-      # in `InverseMethods`
+      # in `InverseMethods`.
+      #
       # Methods that are inverted by inverting the return
       # of the block that is passed to the method should be defined in
-      # `InverseBlocks`
+      # `InverseBlocks`.
+      #
+      # @safety
+      #   This cop is unsafe because it cannot be guaranteed that the method
+      #   and its inverse method are both defined on receiver, and also are
+      #   actually inverse of each other.
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/style/line_end_concatenation.rb b/lib/rubocop/cop/style/line_end_concatenation.rb
index 31eec4b7301..10455b8af8e 100644
--- a/lib/rubocop/cop/style/line_end_concatenation.rb
+++ b/lib/rubocop/cop/style/line_end_concatenation.rb
@@ -6,6 +6,19 @@ module Style
       # This cop checks for string literal concatenation at
       # the end of a line.
       #
+      # @safety
+      #   This cop is unsafe because it canot be guaranteed that the
+      #   receiver is a string, in which case replacing `<<` with `\`
+      #   would result in a syntax error.
+      #
+      #   For example, this would be a false positive:
+      #   [source,ruby]
+      #   ----
+      #   array << 'foo' <<
+      #            'bar' <<
+      #            'baz'
+      #   ----
+      #
       # @example
       #
       #   # bad
diff --git a/lib/rubocop/cop/style/module_function.rb b/lib/rubocop/cop/style/module_function.rb
index 63000a4a562..228dc574bfc 100644
--- a/lib/rubocop/cop/style/module_function.rb
+++ b/lib/rubocop/cop/style/module_function.rb
@@ -6,7 +6,14 @@ module Style
       # This cop checks for use of `extend self` or `module_function` in a
       # module.
       #
-      # Supported styles are: module_function, extend_self, forbidden.
+      # Supported styles are: module_function, extend_self, forbidden. `forbidden`
+      # style prohibits the usage of both styles.
+      #
+      # NOTE: the cop won't be activated when the module contains any private methods.
+      #
+      # @safety
+      #   Autocorrection is unsafe (and is disabled by default) because `extend self`
+      #   and `module_function` do not behave exactly the same.
       #
       # @example EnforcedStyle: module_function (default)
       #   # bad
@@ -21,9 +28,6 @@ module Style
       #     # ...
       #   end
       #
-      # In case there are private methods, the cop won't be activated.
-      # Otherwise, it forces to change the flow of the default code.
-      #
       # @example EnforcedStyle: module_function (default)
       #   # good
       #   module Test
@@ -46,8 +50,6 @@ module Style
       #     # ...
       #   end
       #
-      # The option `forbidden` prohibits the usage of both styles.
-      #
       # @example EnforcedStyle: forbidden
       #   # bad
       #   module Test
@@ -68,9 +70,6 @@ module Style
       #     private
       #     # ...
       #   end
-      #
-      # These offenses are not safe to auto-correct since there are different
-      # implications to each approach.
       class ModuleFunction < Base
         include ConfigurableEnforcedStyle
         extend AutoCorrector
diff --git a/lib/rubocop/cop/style/mutable_constant.rb b/lib/rubocop/cop/style/mutable_constant.rb
index a27f80ee3e6..e01aa58cf63 100644
--- a/lib/rubocop/cop/style/mutable_constant.rb
+++ b/lib/rubocop/cop/style/mutable_constant.rb
@@ -24,6 +24,14 @@ module Style
       # NOTE: From Ruby 3.0, this cop allows explicit freezing of interpolated
       # string literals when `# frozen-string-literal: true` is used.
       #
+      # NOTE: From Ruby 3.0, this cop allows explicit freezing of constants when
+      # the `shareable_constant_value` directive is used.
+      #
+      # @safety
+      #   This cop's autocorrection is unsafe since any mutations on objects that
+      #   are made frozen will change from being accepted to raising `FrozenError`,
+      #   and will need to be manually refactored.
+      #
       # @example EnforcedStyle: literals (default)
       #   # bad
       #   CONST = [1, 2, 3]
@@ -71,10 +79,6 @@ module Style
       #   # shareable_constant_value: literal
       #   CONST = [1, 2, 3]
       #
-      # NOTE: This special directive helps to create constants
-      # that hold only immutable objects, or Ractor-shareable
-      # constants. - ruby docs
-      #
       class MutableConstant < Base
         # Handles magic comment shareable_constant_value with O(n ^ 2) complexity
         # n - number of lines in the source
diff --git a/lib/rubocop/cop/style/numeric_predicate.rb b/lib/rubocop/cop/style/numeric_predicate.rb
index a0ecbf2f53a..fcbb3d39b78 100644
--- a/lib/rubocop/cop/style/numeric_predicate.rb
+++ b/lib/rubocop/cop/style/numeric_predicate.rb
@@ -16,6 +16,11 @@ module Style
       # populated with objects which can be compared with integers, but are
       # not themselves `Integer` polymorphic.
       #
+      # @safety
+      #   This cop is unsafe because it cannot be guaranteed that the receiver
+      #   defines the predicates or can be compared to a number, which may lead
+      #   to a false positive for non-standard classes.
+      #
       # @example EnforcedStyle: predicate (default)
       #   # bad
       #
diff --git a/lib/rubocop/cop/style/optional_arguments.rb b/lib/rubocop/cop/style/optional_arguments.rb
index 03050f1dc03..648979cbc8a 100644
--- a/lib/rubocop/cop/style/optional_arguments.rb
+++ b/lib/rubocop/cop/style/optional_arguments.rb
@@ -6,6 +6,10 @@ module Style
       # This cop checks for optional arguments to methods
       # that do not come at the end of the argument list.
       #
+      # @safety
+      #   This cop is unsafe because changing a method signature will
+      #   implicitly change behaviour.
+      #
       # @example
       #   # bad
       #   def foo(a = 1, b, c)
diff --git a/lib/rubocop/cop/style/optional_boolean_parameter.rb b/lib/rubocop/cop/style/optional_boolean_parameter.rb
index 0919a941dab..66e70280ae4 100644
--- a/lib/rubocop/cop/style/optional_boolean_parameter.rb
+++ b/lib/rubocop/cop/style/optional_boolean_parameter.rb
@@ -7,6 +7,10 @@ module Style
       # boolean arguments when defining methods. `respond_to_missing?` method is allowed by default.
       # These are customizable with `AllowedMethods` option.
       #
+      # @safety
+      #   This cop is unsafe because changing a method signature will
+      #   implicitly change behaviour.
+      #
       # @example
       #   # bad
       #   def some_method(bar = false)
diff --git a/lib/rubocop/cop/style/preferred_hash_methods.rb b/lib/rubocop/cop/style/preferred_hash_methods.rb
index 914690164d6..443c920af32 100644
--- a/lib/rubocop/cop/style/preferred_hash_methods.rb
+++ b/lib/rubocop/cop/style/preferred_hash_methods.rb
@@ -3,10 +3,15 @@
 module RuboCop
   module Cop
     module Style
-      # This cop (by default) checks for uses of methods Hash#has_key? and
-      # Hash#has_value? where it enforces Hash#key? and Hash#value?
-      # It is configurable to enforce the inverse, using `verbose` method
-      # names also.
+      # This cop checks for uses of methods `Hash#has_key?` and
+      # `Hash#has_value?`, and suggests using `Hash#key?` and `Hash#value?` instead.
+      #
+      # It is configurable to enforce the verbose method names, by using the
+      # `EnforcedStyle: verbose` configuration.
+      #
+      # @safety
+      #   This cop is unsafe because it cannot be guaranteed that the receiver
+      #   is a `Hash` or responds to the replacement methods.
       #
       # @example EnforcedStyle: short (default)
       #  # bad
diff --git a/lib/rubocop/cop/style/redundant_argument.rb b/lib/rubocop/cop/style/redundant_argument.rb
index 6e091a54c2f..70eebce4dd2 100644
--- a/lib/rubocop/cop/style/redundant_argument.rb
+++ b/lib/rubocop/cop/style/redundant_argument.rb
@@ -5,22 +5,29 @@ module Cop
     module Style
       # This cop checks for a redundant argument passed to certain methods.
       #
-      # Limitations:
-      #
-      # 1. This cop matches for method names only and hence cannot tell apart
-      #    methods with same name in different classes.
-      # 2. This cop is limited to methods with single parameter.
-      # 3. This cop is unsafe if certain special global variables (e.g. `$;`, `$/`) are set.
-      #    That depends on the nature of the target methods, of course.
+      # NOTE: This cop is limited to methods with single parameter.
       #
       # Method names and their redundant arguments can be configured like this:
       #
+      # [source,yaml]
+      # ----
       # Methods:
       #   join: ''
       #   split: ' '
       #   chomp: "\n"
       #   chomp!: "\n"
       #   foo: 2
+      # ----
+      #
+      # @safety
+      #   This cop is unsafe because of the following limitations:
+      #
+      #   1. This cop matches by method names only and hence cannot tell apart
+      #      methods with same name in different classes.
+      #   2. This cop may be unsafe if certain special global variables (e.g. `$;`, `$/`) are set.
+      #      That depends on the nature of the target methods, of course. For example, the default
+      #      argument to join is `$OUTPUT_FIELD_SEPARATOR` (or `$,`) rather than `''`, and if that
+      #      global is changed, `''` is no longer a redundant argument.
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/style/redundant_fetch_block.rb b/lib/rubocop/cop/style/redundant_fetch_block.rb
index 1d540094e61..f586c1bb820 100644
--- a/lib/rubocop/cop/style/redundant_fetch_block.rb
+++ b/lib/rubocop/cop/style/redundant_fetch_block.rb
@@ -9,6 +9,10 @@ module Style
       # In such cases `fetch(key, value)` method is faster
       # than `fetch(key) { value }`.
       #
+      # @safety
+      #   This cop is unsafe because it cannot be guaranteed that the receiver
+      #   does not have a different implementation of `fetch`.
+      #
       # @example SafeForConstants: false (default)
       #   # bad
       #   hash.fetch(:key) { 5 }
diff --git a/lib/rubocop/cop/style/redundant_self_assignment.rb b/lib/rubocop/cop/style/redundant_self_assignment.rb
index f040aa7da66..3fa1624ac07 100644
--- a/lib/rubocop/cop/style/redundant_self_assignment.rb
+++ b/lib/rubocop/cop/style/redundant_self_assignment.rb
@@ -6,9 +6,10 @@ module Style
       # This cop checks for places where redundant assignments are made for in place
       # modification methods.
       #
-      # This cop is marked as unsafe, because it can produce false positives for
-      # user defined methods having one of the expected names, but not modifying
-      # its receiver in place.
+      # @safety
+      #   This cop is unsafe, because it can produce false positives for
+      #   user defined methods having one of the expected names, but not modifying
+      #   its receiver in place.
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/style/safe_navigation.rb b/lib/rubocop/cop/style/safe_navigation.rb
index eb7153f40e7..dd5c30caffc 100644
--- a/lib/rubocop/cop/style/safe_navigation.rb
+++ b/lib/rubocop/cop/style/safe_navigation.rb
@@ -10,14 +10,25 @@ module Style
       # need to be changed to use safe navigation. We have limited the cop to
       # not register an offense for method chains that exceed 2 methods.
       #
-      # Configuration option: ConvertCodeThatCanStartToReturnNil
-      # The default for this is `false`. When configured to `true`, this will
+      # The default for `ConvertCodeThatCanStartToReturnNil` is `false`.
+      # When configured to `true`, this will
       # check for code in the format `!foo.nil? && foo.bar`. As it is written,
       # the return of this code is limited to `false` and whatever the return
       # of the method is. If this is converted to safe navigation,
       # `foo&.bar` can start returning `nil` as well as what the method
       # returns.
       #
+      # @safety
+      #   Autocorrection is unsafe because if a value is `false`, the resulting
+      #   code will have different behaviour or raise an error.
+      #
+      #   [source,ruby]
+      #   ----
+      #   x = false
+      #   x && x.foo  # return false
+      #   x&.foo      # raises NoMethodError
+      #   ----
+      #
       # @example
       #   # bad
       #   foo.bar if foo
diff --git a/lib/rubocop/cop/style/single_argument_dig.rb b/lib/rubocop/cop/style/single_argument_dig.rb
index af0289ef988..d31ba4f6ec3 100644
--- a/lib/rubocop/cop/style/single_argument_dig.rb
+++ b/lib/rubocop/cop/style/single_argument_dig.rb
@@ -6,6 +6,11 @@ module Style
       # Sometimes using dig method ends up with just a single
       # argument. In such cases, dig should be replaced with [].
       #
+      # @safety
+      #   This cop is unsafe because it cannot be guaranteed that the receiver
+      #   is an `Enumerable` or does not have a nonstandard implementation
+      #   of `dig`.
+      #
       # @example
       #   # bad
       #   { key: 'value' }.dig(:key)
diff --git a/lib/rubocop/cop/style/slicing_with_range.rb b/lib/rubocop/cop/style/slicing_with_range.rb
index bbc16c268ef..31e266f3a8f 100644
--- a/lib/rubocop/cop/style/slicing_with_range.rb
+++ b/lib/rubocop/cop/style/slicing_with_range.rb
@@ -6,6 +6,19 @@ module Style
       # This cop checks that arrays are sliced with endless ranges instead of
       # `ary[start..-1]` on Ruby 2.6+.
       #
+      # @safety
+      #   This cop is unsafe because `x..-1` and `x..` are only guaranteed to
+      #   be equivalent for `Array#[]`, and the cop cannot determine what class
+      #   the receiver is.
+      #
+      #   For example:
+      #   [source,ruby]
+      #   ----
+      #   sum = proc { |ary| ary.sum }
+      #   sum[-3..-1] # => -6
+      #   sum[-3..] # Hangs forever
+      #   ----
+      #
       # @example
       #   # bad
       #   items[1..-1]
diff --git a/lib/rubocop/cop/style/special_global_vars.rb b/lib/rubocop/cop/style/special_global_vars.rb
index 5e54f44f9e7..70933697f9b 100644
--- a/lib/rubocop/cop/style/special_global_vars.rb
+++ b/lib/rubocop/cop/style/special_global_vars.rb
@@ -9,6 +9,10 @@ module Style
       # will add a require statement to the top of the file if
       # enabled by RequireEnglish config.
       #
+      # @safety
+      #   Autocorrection is marked as unsafe because if `RequireEnglish` is not
+      #   true, replacing perl-style variables with english variables will break.
+      #
       # @example EnforcedStyle: use_english_names (default)
       #   # good
       #   require 'English' # or this could be in another file.
diff --git a/lib/rubocop/cop/style/static_class.rb b/lib/rubocop/cop/style/static_class.rb
index 5072a0140b0..ea2c72206f1 100644
--- a/lib/rubocop/cop/style/static_class.rb
+++ b/lib/rubocop/cop/style/static_class.rb
@@ -7,9 +7,10 @@ module Style
       # replaced with a module. Classes should be used only when it makes sense to create
       # instances out of them.
       #
-      # This cop is marked as unsafe, because it is possible that this class is a parent
-      # for some other subclass, monkey-patched with instance methods or
-      # a dummy instance is instantiated from it somewhere.
+      # @safety
+      #   This cop is unsafe, because it is possible that this class is a parent
+      #   for some other subclass, monkey-patched with instance methods or
+      #   a dummy instance is instantiated from it somewhere.
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/style/string_chars.rb b/lib/rubocop/cop/style/string_chars.rb
index 6ae97135001..b8b26ebba67 100644
--- a/lib/rubocop/cop/style/string_chars.rb
+++ b/lib/rubocop/cop/style/string_chars.rb
@@ -5,8 +5,10 @@ module Cop
     module Style
       # Checks for uses of `String#split` with empty string or regexp literal argument.
       #
-      # This cop is marked as unsafe. But probably it's quite unlikely that some other class would
-      # define a `split` method that takes exactly the same arguments.
+      # @safety
+      #   This cop is unsafe because it cannot be guaranteed that the receiver
+      #   is actually a string. If another class has a `split` method with
+      #   different behaviour, it would be registered as a false positive.
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/style/string_concatenation.rb b/lib/rubocop/cop/style/string_concatenation.rb
index 847c2c6382b..4b302534799 100644
--- a/lib/rubocop/cop/style/string_concatenation.rb
+++ b/lib/rubocop/cop/style/string_concatenation.rb
@@ -23,6 +23,10 @@ module Style
       # This is useful when the receiver is some expression that returns string like `Pathname`
       # instead of a string literal.
       #
+      # @safety
+      #   This cop is unsafe in `aggressive` mode, as it cannot be guaranteed that
+      #   the receiver is actually a string, which can result in a false positive.
+      #
       # @example Mode: aggressive (default)
       #   # bad
       #   email_with_name = user.name + ' <' + user.email + '>'
diff --git a/lib/rubocop/cop/style/string_hash_keys.rb b/lib/rubocop/cop/style/string_hash_keys.rb
index 5b267f09b54..7773fcbe2bd 100644
--- a/lib/rubocop/cop/style/string_hash_keys.rb
+++ b/lib/rubocop/cop/style/string_hash_keys.rb
@@ -6,6 +6,10 @@ module Style
       # This cop checks for the use of strings as keys in hashes. The use of
       # symbols is preferred instead.
       #
+      # @safety
+      #   This cop is unsafe because while symbols are preferred for hash keys,
+      #   there are instances when string keys are required.
+      #
       # @example
       #   # bad
       #   { 'one' => 1, 'two' => 2, 'three' => 3 }
diff --git a/lib/rubocop/cop/style/struct_inheritance.rb b/lib/rubocop/cop/style/struct_inheritance.rb
index e463243ebca..1e9d98192f1 100644
--- a/lib/rubocop/cop/style/struct_inheritance.rb
+++ b/lib/rubocop/cop/style/struct_inheritance.rb
@@ -5,8 +5,9 @@ module Cop
     module Style
       # This cop checks for inheritance from Struct.new.
       #
-      # It is marked as unsafe auto-correction because it will change the
-      # inheritance tree (e.g. return value of `Module#ancestors`).
+      # @safety
+      #   Auto-correction is unsafe because it will change the inheritance
+      #   tree (e.g. return value of `Module#ancestors`) of the constant.
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/style/swap_values.rb b/lib/rubocop/cop/style/swap_values.rb
index c16f69a88d0..a6b36bcb515 100644
--- a/lib/rubocop/cop/style/swap_values.rb
+++ b/lib/rubocop/cop/style/swap_values.rb
@@ -4,8 +4,10 @@ module RuboCop
   module Cop
     module Style
       # This cop enforces the use of shorthand-style swapping of 2 variables.
-      # Its autocorrection is marked as unsafe, because it can erroneously remove
-      # the temporary variable which is used later.
+      #
+      # @safety
+      #   Autocorrection is unsafe, because the temporary variable used to
+      #   swap variables will be removed, but may be referred to elsewhere.
       #
       # @example
       #   # bad
diff --git a/lib/rubocop/cop/style/symbol_proc.rb b/lib/rubocop/cop/style/symbol_proc.rb
index 65e4e2d7f34..7f60ee403c7 100644
--- a/lib/rubocop/cop/style/symbol_proc.rb
+++ b/lib/rubocop/cop/style/symbol_proc.rb
@@ -8,6 +8,32 @@ module Style
       # If you prefer a style that allows block for method with arguments,
       # please set `true` to `AllowMethodsWithArguments`.
       #
+      # @safety
+      #   This cop is unsafe because `proc`s and blocks work differently
+      #   when additional arguments are passed in. A block will silently
+      #   ignore additional arguments, but a `proc` will raise
+      #   an `ArgumentError`.
+      #
+      #   For example:
+      #
+      #   [source,ruby]
+      #   ----
+      #   class Foo
+      #     def bar
+      #       :bar
+      #     end
+      #   end
+      #
+      #   def call(options = {}, &block)
+      #     block.call(Foo.new, options)
+      #   end
+      #
+      #   call { |x| x.bar }
+      #   #=> :bar
+      #   call(&:bar)
+      #   # ArgumentError: wrong number of arguments (given 1, expected 0)
+      #   ----
+      #
       # @example
       #   # bad
       #   something.map { |s| s.upcase }
diff --git a/lib/rubocop/cop/style/trailing_comma_in_block_args.rb b/lib/rubocop/cop/style/trailing_comma_in_block_args.rb
index 7715d041e60..7a781341254 100644
--- a/lib/rubocop/cop/style/trailing_comma_in_block_args.rb
+++ b/lib/rubocop/cop/style/trailing_comma_in_block_args.rb
@@ -8,6 +8,25 @@ module Style
       # that comma to be present. Blocks with more than one argument never
       # require a trailing comma.
       #
+      # @safety
+      #   This cop is unsafe because a trailing comma can indicate there are
+      #   more parameters that are not used.
+      #
+      #   For example:
+      #   [source,ruby]
+      #   ----
+      #   # with a trailing comma
+      #   {foo: 1, bar: 2, baz: 3}.map {|key,| key }
+      #   #=> [:foo, :bar, :baz]
+      #
+      #   # without a trailing comma
+      #   {foo: 1, bar: 2, baz: 3}.map {|key| key }
+      #   #=> [[:foo, 1], [:bar, 2], [:baz, 3]]
+      #   ----
+      #
+      #   This can be fixed by replacing the trailing comma with a placeholder
+      #   argument (such as `|key, _value|`).
+      #
       # @example
       #   # bad
       #   add { |foo, bar,| foo + bar }
diff --git a/lib/rubocop/cop/style/yoda_condition.rb b/lib/rubocop/cop/style/yoda_condition.rb
index 2277242d31e..b818b27d4f6 100644
--- a/lib/rubocop/cop/style/yoda_condition.rb
+++ b/lib/rubocop/cop/style/yoda_condition.rb
@@ -7,6 +7,26 @@ module Style
       # i.e. comparison operations where the order of expression is reversed.
       # eg. `5 == x`
       #
+      # @safety
+      #   This cop is unsafe because comparison operators can be defined
+      #   differently on different classes, and are not guaranteed to
+      #   have the same result if reversed.
+      #
+      #   For example:
+      #
+      #   [source,ruby]
+      #   ----
+      #   class MyKlass
+      #     def ==(other)
+      #       true
+      #     end
+      #   end
+      #
+      #   obj = MyKlass.new
+      #   obj == 'string'   #=> true
+      #   'string' == obj   #=> false
+      #   ----
+      #
       # @example EnforcedStyle: forbid_for_all_comparison_operators (default)
       #   # bad
       #   99 == foo
diff --git a/lib/rubocop/cop/style/zero_length_predicate.rb b/lib/rubocop/cop/style/zero_length_predicate.rb
index 62655f6b490..3381545bb3d 100644
--- a/lib/rubocop/cop/style/zero_length_predicate.rb
+++ b/lib/rubocop/cop/style/zero_length_predicate.rb
@@ -9,6 +9,12 @@ module Style
       # receiver.length < 1 and receiver.size == 0 that can be
       # replaced by receiver.empty? and !receiver.empty?.
       #
+      # @safety
+      #   This cop is unsafe because it cannot be guaranteed that the receiver
+      #   has an `empty?` method that is defined in terms of `length`. If there
+      #   is a non-standard class that redefines `length` or `empty?`, the cop
+      #   may register a false positive.
+      #
       # @example
       #   # bad
       #   [1, 2, 3].length == 0