skills/quarkusio/quarkusdev-skills/java-decompile/Snyk

java-decompile

Warn

Audited by Snyk on Mar 25, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.70). Yes — the skill explicitly searches for and reads JARs from the Maven classpath / ~/.m2 repository (Step 2) and decompiles and displays their source via Vineflower (Step 3–4), so it ingests untrusted third‑party code/artifacts whose contents can materially influence subsequent analysis or actions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 25, 2026, 10:28 AM

Issues

1

Security Audit — snyk — java-decompile