Affiliate Link Injector

The 'affiliate-link-injector' skill requests highly sensitive credentials, including WordPress REST API keys and multiple affiliate network API keys (Amazon, ShareASale, Impact, CJ Affiliate), to be handled by the AI agent. While these are functional requirements for its stated purpose of automating monetization, the instructions in SKILL.md encourage users to provide these secrets directly within the prompt context (Example 3), which creates a significant risk of credential theft or exposure via prompt injection. The skill also requests broad integrations with Google Docs and Slack, increasing the potential impact of a compromise, although no explicit malicious exfiltration logic or unauthorized remote endpoints were found.