Context-Inappropriate Capability
Medium
- Confidence: 95%
- Finding: The skill requires generated HTML to load snapdom from unpkg.com at render time, which introduces unnecessary external network access and a third-party supply-chain dependency into what should be a local HTML-to-PNG workflow. If the CDN content changes, is compromised, or is blocked, rendering behavior can become unsafe or unreliable, and the headless browser may execute untrusted remote JavaScript during conversion.
