java-sql-audit

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The DECOMPILE_STRATEGY.md includes a runtime curl command to download and execute a remote CFR jar (https://xget.xi-xu.me/gh/leibnitz27/cfr/releases/download/0.152/cfr-0.152.jar), which fetches and runs remote code and is presented as a required dependency for the decompilation steps.