The taint is generated because calls to
frame:Show() or
frame:Hide() are blocked if used on a protected frame while in combat. There is a way around this using SecureStateDrivers, but this is for very specific reasons.
This might be caused by either of the links to Blizzards functions you have.
ActionButton_OnLoad() or
ActionButton_UpdateAction(). From the taint path, it looks to be the first.
Something you might try is use XML to create a template and use the following in between the <Scripts> tags:
Code:
<OnLoad function="ActionButton_OnLoad"/>
Then reference the template in your
CreateFrame() call and set up the rest.
I'm not entirely sure if taint would be passed on to the OnLoad script, but it's worth a try.