zero-cost-tracking
Audited by Socket on Feb 21, 2026
1 alert found:
Security [Skill Scanner]: Credential file access detected

This README describes a conversion-tracking integration that legitimately collects form data (including PII) and forwards it to analytics providers (Google, Meta) and a site backend (Sheets). There are no direct indicators of malware or supply-chain download-execute attacks in this document. The primary security/privacy concern is that the package collects sensitive PII client-side and forwards it to third parties — this is expected for Enhanced Conversions but requires strict consent enforcement, secure server-side handling, and correct storage of Meta tokens in Cloudflare Zaraz. Without the actual package/source code and server-side webhook implementation, consent enforcement and safe handling cannot be verified; review of the package implementation and backend is recommended before deployment.

LLM verification: This SKILL.md is a documentation/integration guide for a conversion-tracking package. Functionality described (reading form inputs, pushing dataLayer events, sending PII to analytics/ads and a Sheets webhook, using Cloudflare Zaraz for Meta CAPI) is consistent with its stated purpose. The primary risks are privacy/compliance (handling PII), supply-chain risk from unpinned npm installation, and high trust surface in GTM/Zaraz/crm-integrations configurations. There is no direct evidence of obfusca