dotnet-msix
Warn
Audited by Snyk on Mar 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The CI examples invoke external GitHub Actions that are fetched and executed at workflow runtime (e.g., uses: actions/checkout@v4 -> https://github.com/actions/checkout, actions/setup-dotnet@v4 -> https://github.com/actions/setup-dotnet, actions/upload-artifact@v4 -> https://github.com/actions/upload-artifact), so remote code is executed and the pipeline depends on those external repos.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs creating and installing certificates, signing packages, and provisioning MSIX packages (including Add-AppxProvisionedPackage -Online and installing certs into trusted stores) which modify system trust and install software and may require administrative privileges, so it directs actions that change the machine's state.
Audit Metadata