affiliatematic
Audited by Socket on Mar 4, 2026
1 alert found:
Malware

This skill/documentation describes a typical client-side affiliate widget that loads a remote script from affiliatematic.com to analyze page content and render Amazon affiliate recommendations. The behavior (reading DOM, using an affiliate tag, calling a third-party API) is consistent with the stated purpose. The primary security concerns are supply-chain and privacy risks from executing an unpinned remote script and routing page content and affiliate tags through a third-party operator. There is no direct evidence of malware or credential-harvesting code in the provided fragment, but the design allows the remote script to exfiltrate page content or alter links if the operator or their infrastructure is malicious or compromised. Publishers should review affiliatematic.com's privacy policy, request details on what data is sent, consider using CSP/SRI if possible, and treat the external script as a high-trust dependency.