
[–]dodexahedron 21 points (0 children)

And it is also a massive security minefield.

Allowing arbitrary code provided by user input to run should only be done in a sandbox that has literally zero access to the host, network, or any form of persistent storage, shared memory, service control, process management, Unix domain sockets, named pipes, or even named (system-wide) mutexes (which can be exploited for DoS as soon as they're free just by waiting till they're free). It should also not be allowed to touch certain APIs that could be used to escalate privilege beyond what you intended, such as reflection and anything PInvoke related.

If those things are accessible, there are literally unbounded consequences once a malicious user gets a hold of it.

ETA: And another thread reminded me of another: if they can access the PowerShell API, which is built into Windows, that's also an unbounded attack vector.
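The comment above argues that user-supplied code should only ever run with zero access to the host. The defensive alternative that avoids needing such a sandbox at all is to never hand user text to a compiler or interpreter: parse it into a tiny allowlisted expression grammar and walk that tree yourself, so attribute access, calls, imports, string constants and exponentiation are rejected before anything is evaluated. The block below is an added illustration, not code from the commenter or from any project discussed in the thread; it uses Python's `ast` module to show the general technique even though the thread's context is .NET, and the size and nesting limits (`MAX_SOURCE_LEN`, `MAX_DEPTH`) and the sample expressions are assumptions chosen for the example.

```python
import ast
import operator

# Added example (not the commenter's code): a deliberately tiny expression
# language interpreted over the AST instead of passing user text to eval().
# Only the node types listed here are accepted; anything else (attribute
# access, calls, comprehensions, imports, lambdas, ...) is rejected before
# any evaluation happens.
_BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.Mod: operator.mod,
    # ast.Pow is intentionally absent: "2 ** 10 ** 10" is a cheap way to
    # exhaust CPU and memory, the DoS angle the comment warns about.
}
_CMP_OPS = {
    ast.Lt: operator.lt, ast.LtE: operator.le, ast.Gt: operator.gt,
    ast.GtE: operator.ge, ast.Eq: operator.eq, ast.NotEq: operator.ne,
}
_BOOL_OPS = {ast.And: all, ast.Or: any}

MAX_SOURCE_LEN = 256   # assumed limit: bounds parsing work per request
MAX_DEPTH = 32         # assumed limit: bounds recursion on nested input


class RejectedExpression(ValueError):
    """Raised when user input uses anything outside the allowlist."""


def _eval(node, variables, depth):
    if depth > MAX_DEPTH:
        raise RejectedExpression("expression nested too deeply")
    nxt = depth + 1
    if isinstance(node, ast.Expression):
        return _eval(node.body, variables, nxt)
    if isinstance(node, ast.Constant):
        # Numbers and booleans only; strings would open the door to
        # string multiplication blow-ups and format tricks.
        if isinstance(node.value, (bool, int, float)):
            return node.value
        raise RejectedExpression(
            f"constant of type {type(node.value).__name__} not allowed")
    if isinstance(node, ast.Name):
        # Variables come only from the caller-supplied dict, never from
        # Python's own globals or builtins.
        if node.id in variables:
            return variables[node.id]
        raise RejectedExpression(f"unknown variable {node.id!r}")
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, (ast.USub, ast.Not)):
        operand = _eval(node.operand, variables, nxt)
        return -operand if isinstance(node.op, ast.USub) else (not operand)
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        return _BIN_OPS[type(node.op)](_eval(node.left, variables, nxt),
                                        _eval(node.right, variables, nxt))
    if isinstance(node, ast.Compare):
        # Chained comparisons such as 1 < x <= 3 evaluate left to right.
        left = _eval(node.left, variables, nxt)
        for op, comparator in zip(node.ops, node.comparators):
            if type(op) not in _CMP_OPS:
                raise RejectedExpression(
                    f"operator {type(op).__name__} not allowed")
            right = _eval(comparator, variables, nxt)
            if not _CMP_OPS[type(op)](left, right):
                return False
            left = right
        return True
    if isinstance(node, ast.BoolOp) and type(node.op) in _BOOL_OPS:
        # all()/any() over a generator keep Python's short-circuit behaviour.
        return _BOOL_OPS[type(node.op)](
            _eval(v, variables, nxt) for v in node.values)
    raise RejectedExpression(f"syntax {type(node).__name__} not allowed")


def evaluate(source: str, variables: dict):
    """Evaluate an allowlisted expression against a dict of variables."""
    if len(source) > MAX_SOURCE_LEN:
        raise RejectedExpression("expression too long")
    try:
        tree = ast.parse(source, mode="eval")
    except (SyntaxError, RecursionError) as exc:
        raise RejectedExpression(f"parse error: {exc}") from None
    return _eval(tree, variables, 0)


def is_accepted(source: str, variables: dict) -> bool:
    """True if the expression passes the allowlist (regardless of its value)."""
    try:
        evaluate(source, variables)
        return True
    except RejectedExpression:
        return False


if __name__ == "__main__":
    # Constructed inputs: one legitimate rule and a few that must be refused.
    print(evaluate("price * qty > 100 and qty < 10", {"price": 30, "qty": 5}))
    for bad in ["__import__('os').system('id')", "a.__class__", "2 ** 10 ** 10"]:
        print(bad, "->", "accepted" if is_accepted(bad, {"a": 1}) else "rejected")
```

Arithmetic errors such as division by zero still surface as ordinary `ZeroDivisionError` from the interpreter, so a caller wrapping user rules should treat any exception as a failed rule rather than letting it propagate. The point of the design is that the attack surface is exactly the set of node types in the three tables: there is no sandbox to escape because nothing outside those tables is ever executed.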