syncfusion-winforms-diagram

Warn

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, DYNAMIC_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation in references/features.md and references/troubleshooting.md includes examples using BinaryFormatter to save and load diagram models. BinaryFormatter is inherently insecure: the type names of every object are read from the stream itself, so it will construct whatever types a crafted file names, and deserializing data from an untrusted source (a diagram file received by e-mail, downloaded, or written by another user) can lead to arbitrary code execution. Microsoft's guidance is that BinaryFormatter cannot be made safe, not even with a SerializationBinder allowlist. Use a serializer whose type graph is fixed by the application, such as System.Text.Json, XmlSerializer, or DataContractSerializer with a closed set of known types, and validate the loaded document before building the diagram from it.
  • [DYNAMIC_EXECUTION]: The skill promotes the use of BinaryFormatter.Deserialize for restoring diagram states in references/features.md and references/troubleshooting.md. Reconstructing arbitrary objects from a serialized stream is a known deserialization risk (CWE-502). BinaryFormatter has been marked obsolete (SYSLIB0011) since .NET 5 and is removed from the .NET 9 runtime, where it throws unless the System.Runtime.Serialization.Formatters compatibility package is referenced; code following the skill's examples will therefore either be exploitable on older targets or fail outright on current ones.
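The flagged pattern beside a hardened replacement, as an added C# example constructed for this audit note (it is not code from the skill's references or from Syncfusion). The NodeDto/ConnectorDto/DiagramDto classes, the 4 MiB size cap and the file paths are assumptions; the DTOs stand in for whatever the application actually persists, and mapping them onto the Syncfusion diagram Model is left to the caller and not shown. The legacy-file check goes beyond the audit text: it recognises the header of a BinaryFormatter (NRBF) stream so that old files are refused rather than routed to a BinaryFormatter-based loader.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;
using System.Text.Json;
using System.Text.Json.Serialization;

// ---- The pattern the audit flags (do not ship) ---------------------------
// Type names come from the stream, so whoever wrote the file chooses which
// classes get constructed and which setters/callbacks run during Deserialize.
// Compiles on .NET 8 or earlier; on .NET 9+ the runtime throws unless the
// System.Runtime.Serialization.Formatters compatibility package is referenced.
public static class UnsafeDiagramIo
{
#pragma warning disable SYSLIB0011 // BinaryFormatter is obsolete
    public static object Load(string path)
    {
        using FileStream fs = File.OpenRead(path);
        return new BinaryFormatter().Deserialize(fs);   // CWE-502
    }
#pragma warning restore SYSLIB0011
}

// ---- Hardened replacement ------------------------------------------------
// Hypothetical DTOs: the application owns the type graph, so a file can only
// ever populate these classes, never a type of the attacker's choosing.
public sealed class NodeDto
{
    public string Id { get; set; } = "";
    public string Label { get; set; } = "";
    public double X { get; set; }
    public double Y { get; set; }
    public double Width { get; set; }
    public double Height { get; set; }
}

public sealed class ConnectorDto
{
    public string From { get; set; } = "";
    public string To { get; set; } = "";
}

public sealed class DiagramDto
{
    public int Version { get; set; } = 1;
    public List<NodeDto> Nodes { get; set; } = new();
    public List<ConnectorDto> Connectors { get; set; } = new();
}

public static class SafeDiagramIo
{
    private static readonly JsonSerializerOptions Options = new()
    {
        PropertyNameCaseInsensitive = true,
        MaxDepth = 16,                                                // flat document, keep the parser bounded
        UnmappedMemberHandling = JsonUnmappedMemberHandling.Disallow, // .NET 8+: reject unknown fields
    };

    public static void Save(string path, DiagramDto dto)
    {
        using FileStream fs = File.Create(path);
        JsonSerializer.Serialize(fs, dto, Options);
    }

    public static DiagramDto Load(string path, long maxBytes = 4 * 1024 * 1024)
    {
        if (new FileInfo(path).Length > maxBytes)
            throw new InvalidDataException($"diagram file exceeds {maxBytes} bytes");

        using FileStream fs = File.OpenRead(path);
        RejectLegacyBinaryFormatterStream(fs);

        DiagramDto dto = JsonSerializer.Deserialize<DiagramDto>(fs, Options)
                         ?? throw new InvalidDataException("empty diagram document");
        if (dto.Version != 1)
            throw new InvalidDataException($"unsupported diagram version {dto.Version}");

        // Referential integrity: node ids unique, every connector points at known nodes.
        var ids = new HashSet<string>(StringComparer.Ordinal);
        foreach (NodeDto n in dto.Nodes)
            if (string.IsNullOrEmpty(n.Id) || !ids.Add(n.Id))
                throw new InvalidDataException($"missing or duplicate node id '{n.Id}'");
        foreach (ConnectorDto c in dto.Connectors)
            if (!ids.Contains(c.From) || !ids.Contains(c.To))
                throw new InvalidDataException($"connector references unknown node '{c.From}' -> '{c.To}'");
        return dto;
    }

    // An NRBF stream opens with a SerializationHeaderRecord: record type 0x00,
    // RootId (int32), HeaderId = -1, MajorVersion = 1, MinorVersion = 0 (17 bytes).
    // Such files are refused here; re-export them on a trusted machine instead.
    private static void RejectLegacyBinaryFormatterStream(FileStream fs)
    {
        Span<byte> head = stackalloc byte[17];
        int n = fs.Read(head);
        fs.Position = 0;
        bool nrbf = n == 17 && head[0] == 0x00
                    && head[5] == 0xFF && head[6] == 0xFF && head[7] == 0xFF && head[8] == 0xFF
                    && head[9] == 0x01 && head[10] == 0x00 && head[11] == 0x00 && head[12] == 0x00
                    && head[13] == 0x00 && head[14] == 0x00 && head[15] == 0x00 && head[16] == 0x00;
        if (nrbf)
            throw new InvalidDataException("refusing BinaryFormatter-serialized diagram file");
    }
}
```

The point of the DTO layer is that nothing in the file can name a type: System.Text.Json only ever instantiates DiagramDto and its members, and the integrity checks run before any Syncfusion object is touched. Keeping a Version field lets the loader reject formats it does not understand instead of guessing, which is also where a migration from old BinaryFormatter files would hook in (performed once, from a trusted source, not on every load).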
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 25, 2026, 04:10 PM