Here's a demonstration. Basically, thanks to both allow-same-origin and allow-scripts, I can access top despite being sandboxed. With an extra step of adding an image to the document, this makes XSS possible. So far, I've tested on Chrome, Firefox, and Edge. All of them are vulnerable.

Welcome to the forum, but security bugs shouldn't be posted here. They should be reported via email: contact@snap.berkeley.edu

This has already been reported.

Thanks for the report. Both of the above posts are correct. We know that JSFunction is pretty open right now, but that's definitely intended, and the user still has to interact with the project before something happens.
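A defensive check for the token combination named in the first post, as an added example that is not part of the thread or Snap!'s own code: it flags iframes whose `sandbox` attribute carries both `allow-scripts` and `allow-same-origin` while the framed document shares the embedder's origin, the case in which the sandbox gives no isolation from `top`. The function names, result labels and sample origins are assumptions made for illustration.

```javascript
// Added example (hypothetical names): audit an iframe's sandbox attribute.

function parseSandboxTokens(attr) {
  // sandbox is a set of ASCII-whitespace-separated, case-insensitive tokens.
  // null/undefined means the attribute is absent (no sandbox at all).
  if (attr === null || attr === undefined) return null;
  return new Set(attr.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
}

function inheritsParentOrigin(src) {
  // Frames with no src, about:blank or srcdoc content inherit the
  // embedding document's origin.
  return src === undefined || src === null || src === "" ||
         src === "about:srcdoc" || src.startsWith("about:blank");
}

// Returns one of:
//   "unsandboxed" - no sandbox attribute present
//   "ok"          - the two tokens are not combined
//   "ineffective" - both tokens and same origin as the embedder
//   "review"      - both tokens, different or unparseable origin
function auditFrame({ sandbox, src }, parentOrigin) {
  const tokens = parseSandboxTokens(sandbox);
  if (tokens === null) return "unsandboxed";
  if (!(tokens.has("allow-scripts") && tokens.has("allow-same-origin"))) {
    return "ok";
  }
  // With both tokens, isolation depends only on the framed origin differing.
  let frameOrigin;
  if (inheritsParentOrigin(src)) {
    frameOrigin = parentOrigin;
  } else {
    try {
      frameOrigin = new URL(src, parentOrigin).origin;
    } catch {
      return "review";
    }
  }
  return frameOrigin === parentOrigin ? "ineffective" : "review";
}
```

In a browser, feed it `frame.getAttribute("sandbox")`, `frame.getAttribute("src")` and `location.origin` for each `iframe` in the page.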