diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.qhelp b/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.qhelp index fa6e5b09410..7b49378a4d2 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.qhelp @@ -14,8 +14,8 @@ and then evaluated, then it may allow the attacker to run arbitrary code.

-Including untrusted input in a JEXL expression should be avoided. If it is not possible, -JEXL expressions should be run in a sandbox that allows accessing only +It is generally recommended to avoid using untrusted input in a JEXL expression. +If it is not possible, JEXL expressions should be run in a sandbox that allows accessing only explicitly allowed classes.

@@ -60,4 +60,4 @@ that checks if callees are instances of allowed classes. Expression Language Injection. - \ No newline at end of file +
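Review bot: in the first hunk (the JexlInjection.qhelp recommendation paragraph), the rewrite from "Including untrusted input in a JEXL expression should be avoided." to "It is generally recommended to avoid using untrusted input in a JEXL expression." softens the guidance, and "generally" invites readers to treat untrusted input in JEXL expressions as acceptable in some cases, which the rest of the text (sandboxing with only explicitly allowed classes) does not support. Keep the direct form, for example "Avoid including untrusted input in a JEXL expression. If that is not possible, run JEXL expressions in a sandbox that allows accessing only explicitly allowed classes." Also, "If it is not possible" has no clear antecedent after the rewording; "If that is not possible" reads better. The second hunk only adds the missing trailing newline and needs no further change.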