dotnet10-pack-tool

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill lists and requires pulling/running the AOT-compatible container image mcr.microsoft.com/dotnet/sdk:10.0-noble-aot, which would be fetched and executed during build/runtime and therefore constitutes execution of remote code from an external URL.