Dangerous fingerprint for shared library


We are trying to extend the Jenkins pipeline with shared libraries.

We are building Maven projects and we need to read the pom file. Because we are trying to follow test-driven development, we used readFile from the shared library; that way we can mock and test the content of the pom file.

We are getting a warning saying that the signature might introduce vulnerabilities.

Signature: method groovy.lang.GroovyObject getProperty java.lang.String

I had the idea that everything runs in a sandbox; readFile won’t be able to leave the sandbox.

Is there a better way of doing this?
Is there any risk in using readFile in a shared library?

Thanks in advance.