0xkey-keyops-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly auto-fetches operator binaries and release metadata from public GitHub Releases (see scripts/fetch_qos_client.py and role_init.py + SKILL.md / references/qos-client-platform.md which resolve /repos/0xkey-io/qos/releases/latest and download qos_client and its .sha256), so it ingests open third‑party content that can materially change runtime actions (installed binary, resolved tag) rather than only displaying it.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime auto-fetch (scripts/fetch_qos_client.py and role_init.py) resolves GitHub Releases (e.g. GET https://api.github.com/repos/0xkey-io/qos/releases/latest and downloads assets from https://github.com/0xkey-io/qos/releases/download//qos_client.) to install the qos_client binary which the workflow requires and may execute, so remote content fetched at runtime can supply executable code the agent relies on.