OS Command Injection and Silverlight?
A Veracode analysis of one of our assemblies finds that use of System.Windows.AssemblyPart.Load(Stream) is a "severe" security flaw because it allows for an OS command injection, or CWE-78.
We use AssemblyPart.Load when dynamically loading XAP modules: reading the AppManifest from the resource stream, parsing out the AssemblyParts, and then loading them.
First, it's not clear to me why the Load(Stream) is a security flaw, as I can't find anything describing this flaw as it relates to Silverlight. If it is potentially dangerous to the OS, how can it be mitigated?
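The practical risk behind the finding is not a shell command but the fact that AssemblyPart.Load executes whatever managed code is in the stream handed to it, so the control is making sure that stream comes only from a source you trust and has not been altered in transit. The following is an added example of the dynamic XAP loading procedure described above (download the XAP, read AppManifest.xaml, walk the AssemblyPart elements, load each assembly) with an integrity check inserted before any Load call. It is not code from the original post; the class name XapModuleLoader, the placeholder ExpectedXapSha256 constant and the choice of a SHA-256 pin are assumptions for illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Security.Cryptography;
using System.Windows;
using System.Windows.Resources;
using System.Xml;

// Hypothetical loader for Silverlight XAP modules (example code, not from the post).
public static class XapModuleLoader
{
    // Placeholder: the SHA-256 (hex) of the XAP that this build of the host
    // application was released with. Any other content is refused before
    // AssemblyPart.Load ever sees it. (Assumed pinning scheme, not from the post.)
    private const string ExpectedXapSha256 = "<placeholder-hex-sha256>";

    public static void LoadModule(Uri xapUri)
    {
        var client = new WebClient();
        client.OpenReadCompleted += (sender, e) =>
        {
            if (e.Error != null)
            {
                // Download failed; nothing is loaded.
                return;
            }

            byte[] xapBytes = ReadAllBytes(e.Result);

            // Refuse to execute code whose integrity cannot be confirmed.
            if (!IntegrityCheckPasses(xapBytes))
            {
                throw new InvalidOperationException(
                    "XAP integrity check failed; refusing to load assemblies from it.");
            }

            LoadAssemblyParts(new MemoryStream(xapBytes));
        };
        client.OpenReadAsync(xapUri);
    }

    // Copy the response stream into memory so the bytes that are hashed are
    // exactly the bytes that are later loaded.
    private static byte[] ReadAllBytes(Stream input)
    {
        var buffer = new byte[16 * 1024];
        using (var ms = new MemoryStream())
        {
            int read;
            while ((read = input.Read(buffer, 0, buffer.Length)) > 0)
            {
                ms.Write(buffer, 0, read);
            }
            return ms.ToArray();
        }
    }

    private static bool IntegrityCheckPasses(byte[] xapBytes)
    {
        var sha = new SHA256Managed();
        byte[] hash = sha.ComputeHash(xapBytes);
        string actualHex = BitConverter.ToString(hash).Replace("-", "");
        return string.Equals(actualHex, ExpectedXapSha256, StringComparison.OrdinalIgnoreCase);
    }

    // The loading procedure from the post: AppManifest.xaml lists the
    // AssemblyPart elements, each with a Source attribute naming a DLL in the XAP.
    private static void LoadAssemblyParts(Stream xapStream)
    {
        var xapInfo = new StreamResourceInfo(xapStream, null);
        StreamResourceInfo manifest = Application.GetResourceStream(
            xapInfo, new Uri("AppManifest.xaml", UriKind.Relative));

        using (XmlReader reader = XmlReader.Create(manifest.Stream))
        {
            while (reader.Read())
            {
                if (reader.NodeType != XmlNodeType.Element || reader.Name != "AssemblyPart")
                {
                    continue;
                }

                string source = reader.GetAttribute("Source");
                StreamResourceInfo dll = Application.GetResourceStream(
                    xapInfo, new Uri(source, UriKind.Relative));

                // Only reached for a stream that passed the integrity check above.
                new AssemblyPart().Load(dll.Stream);
            }
        }
    }
}
```

Pinning a hash ties the host to one exact module build; if modules are updated independently of the host, a signature over the XAP verified with a key embedded in the host serves the same purpose without a redeploy. Either way, the point for the scanner finding is that the bytes reaching AssemblyPart.Load are no longer whatever the network happened to return.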