java-file-read-audit

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs at runtime to curl and download a CFR JAR from https://xget.xi-xu.me/gh/leibnitz27/cfr/releases/download/0.152/cfr-0.152.jar and then execute it with java -jar, which fetches and runs remote code that the skill depends on for decompilation.