Web to PDF

This skill appears to do what it claims, but review and consider the following before installing: - Source trust: the package has no homepage and an opaque owner ID. If you don't trust the author, review the included scripts manually (you already have them) before running npm/pip installs. - Installer behavior: `npm install` (Playwright) will download code and Chromium binaries from external registries. Do this only on a machine you control; prefer an isolated environment (container/VM) if possible. - Untrusted URLs: the skill loads arbitrary URLs with a headless browser. Treat this like opening a webpage in a browser — it can run JS, fingerprint, or attempt attacks. Do not run it on systems with sensitive network access unless you sandbox it. - Command invocation risk: the script uses execSync with a composed shell command. If you or an automated agent supplies an output path that contains shell metacharacters (e.g., command substitution), that could be executed. Use safe, simple output filenames or run the script with a hardened wrapper (or patch the code to use spawn/spawnSync with argument arrays) to remove shell interpolation. - Operational prerequisites: Node.js (18+), Python3, and Pillow must be installed; Playwright will install Chromium. Ensure you have disk space and network access for these downloads. If you plan to use this skill frequently, consider auditing/patching the execSync call to use a safe spawn variant, and run the skill in a sandboxed environment (container or dedicated VM). If you are unsure about the author given the missing homepage/metadata, prefer to run only the reviewed code locally rather than allowing automatic installs in a shared environment.