The Agent Skills Directory

[Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill instructs the use and installation of the @zumer/snapdom package from npm and unpkg.com. The organization zumerlab is not a trusted source, meaning the library has not been verified for safety.
[Dynamic Execution] (MEDIUM): A plugin system allows custom JavaScript to be executed during the rendering process (hooks like beforeSnap and afterExport). This creates a surface for executing arbitrary code if untrusted plugins are provided to the tool.
[Data Exposure & Exfiltration] (LOW): The useProxy configuration allows routing requests through an external server. While intended for CORS handling, it can be misused to redirect network traffic or expose request metadata to a third-party service.
[Indirect Prompt Injection] (LOW): The skill ingests untrusted DOM elements for processing, which could contain malicious content designed to influence the agent via vision/interpretation of the resulting image.
Ingestion points: The snapdom() function and its variants in SKILL.md accept DOM elements as input.
Boundary markers: Absent; the skill does not use delimiters to isolate untrusted DOM content.
Capability inventory: File downloads, network proxying, and font fetching.
Sanitization: None identified in the provided documentation or scripts.

snapdom